Software Risk Manager simplifies application security testing

Software which combines policy-driven test orchestration and vulnerability management is available from Synopsys to simplify and streamline application security testing.

“Application security programs need to be effective and efficient at reducing software risk in order to deliver value,” said Jason Schmitt, general manager of Synopsys’ Software Integrity Group. “Many organisations embracing digital transformation are struggling with the complexity and operational costs of managing their software risk at scale. Synopsys Software Risk Manager provides teams with a holistic view of their application security posture while accelerating time to value and reducing the overall cost of their AppSec programs.”

The application security posture management (ASPM) software enables security and development teams to simplify, align and streamline application security testing across projects, teams and application security testing (AST) tools. It aligns intelligent policy-driven orchestration and vulnerability management capabilities with the Synopsys Software Integrity Group’s SAST and SCA engines, with support for other open source and commercial AST tools. The ASPM software also delivers an enhanced ability to implement application security consistently across any organisation, said Synopsys.

ASPM analyses security signals across software development, deployment, and operations to improve visibility, better manage vulnerabilities and enforce controls. Security leaders can use ASPM to improve application security efficacy and better manage risk, said market analyst Gartner.

The analyst company predicts that by 2026, more than 40 per cent of organisations developing proprietary applications will adopt ASPM to rapidly identify and resolve application security issues.

Software Risk Manager is built on Synopsys’ Code Dx and Intelligent Orchestration products, which have been redesigned and enhanced to deliver a comprehensive ASPM solution. The software allows teams to implement policy-driven application security at scale. Users can centrally define and enforce universal security policies which specify parameters for test execution and vulnerability management. They can also maximise existing security investments by unifying disparate application security testing tools, and can transition and consolidate tools across teams.

Consolidating vulnerability reporting and management across projects, teams and tools allows users to obtain a complete picture of security risks that is normalised, deduplicated and prioritised across tools.

Another function of the Software Risk Manager is to integrate security workflows within existing developer toolchains and systems and enable quick onboarding for existing projects and builds.

Synopsys Software Integrity Group provides software security products and services and interoperates with third-party and open source tools. Synopsys specialises in electronic design automation (EDA) and semiconductor IP, and offers a portfolio of application security testing tools and services. Its customers are software developers and SoC designers creating advanced semiconductors.

http://www.synopsys.com
