Synopsys_site.pptx
- 2. © 2021 Synopsys, Inc.
Over 30 Years of leadership, growth and innovation
Employees: ~15,000
Engineers: ~6,000
SIG: ~1,500
Engineering culture
Global reach
30+ Years of innovation
Market Value ~ $45B
2020 Revenue ~ $3.7B
$1.4B+ invested in SIG
Constant growth
Top 20 Global Software Companies
1. Microsoft
2. Oracle
3. SAP
4. Symantec
5. VMware
6. Salesforce
7. Intuit
8. CA Technologies
9. Adobe
10. Teradata
11. Amdocs
12. Cerner
13. Citrix
14. Autodesk
15. Synopsys
16. Sage Group
17. Akamai Technologies
18. Nuance
19. Open Text
20. F5 Networks
[Chart: values in $ millions, axis from 0 to 4,500]
- 5. © 2020 Synopsys, Inc.
Synopsys is a Leader in the 2022 Gartner® Magic Quadrant for Application Security Testing (AST) for the sixth year in a row.
Based on our ability to execute and completeness of vision, Synopsys is positioned highest and farthest right for the fourth time in a row in the Leaders Quadrant among the 14 AST vendors evaluated by Gartner.
- 6.
Synopsys Software Security and Quality Portfolio
• Strategy & Planning: Maturity Action Plan (MAP); Building Security in Maturity Model (BSIMM)
• Integrated Tools: Coverity SAST; Black Duck SCA; WhiteHat & Seeker Dynamic Analysis; Code Dx & I. Orchestration
• Managed Services: Dynamic Application Security Testing; Static Application Security Testing; Mobile Application Security Testing; Penetration Testing
• Professional Services: Industry Solutions; Architecture and Design; Security Training/Champion Programs; DevSecOps Integration; Cloud Security
- 7.
The Problem
Development and Security Teams are in a hurry to deliver secure software, faster
- 8.
Development Reality
Business Demands
• Time to Market
• Customer Satisfaction
• Innovation
Development Teams
• Meet shorter, faster delivery schedules
• Avoid cost and time of re-work
• Maximize developer productivity
• Meet quality, safety, security requirements
• Maintain multi-variants of code
- 9.
Security Reality
Lots of tools, lots of activities, no central truth
Automated Tests: SAST, DAST, IAST, SCA, API Scans
Manual Tests: Risk Analysis, Architecture Analysis, Threat Modeling, Penetration Testing, Edge/Boundary Tests, Manual Code Review, Malicious Code Detection
One Organized View
Addressing all of the security touchpoints
• Only 25 of 122 BSIMM activities are automated
• All testing must be tracked
– What test type?
– What was identified?
– What was assigned for remediation?
– Who was it assigned to?
– Was it completed, and, if so, when?
• Goal: eliminate Excel as the tracking tool for testing
- 10.
Old tools and methods slow DevOps velocity
Pipeline Congestion
Large, monolithic AppSec testing tools can congest build, test, and release pipelines. The answer is smaller, purpose-built tests run intelligently at the right time in situational context.
Findings Overload
More tools + more testing = more findings that must be correlated, deduplicated and prioritized so developers aren’t overwhelmed and can focus on issues that matter most.
- 11.
Intelligent, policy-driven DevSecOps
• AppSec Program Objectives & Metrics
• Policies
• Intelligent Orchestration: executes the right tests, at the right time, at the right level
• Code Dx: correlates, prioritizes, tracks remediation, centralizes visibility
• Prioritized tickets for remediation
• Actionable insights into software risk
• SAST, SCA, IAST, DAST
• Code Review, Threat Model, Pen Test, Risk Analysis