Synopsys, a leading provider of software security solutions, has introduced Software Risk Manager, an on-premises application security posture management (ASPM) solution. This solution aims to help organizations effectively manage software risk and prioritize security efforts. With the increasing complexity of the threat landscape and the growing software footprint, there is a greater need for streamlined testing, triage, and risk management.
Software Risk Manager offers a comprehensive and powerful platform that combines policy, orchestration, correlation, and integrated static application security testing (SAST) and software composition analysis (SCA) engines. This unified platform allows security and development teams to have a centralized source of truth, enabling them to make informed decisions and deliver robust and resilient applications.
The solution aligns intelligent policy-driven orchestration and vulnerability management capabilities with Synopsys’ market-leading SAST and SCA engines, along with support for other open-source and commercial AST tools. By combining these capabilities, Synopsys’ ASPM solution provides organizations with the ability to consistently implement application security measures across their entire software development process.
Jason Schmitt, the general manager of Synopsys Software Integrity Group, emphasizes the importance of effective and efficient application security programs in reducing software risk and delivering value. He acknowledges that many organizations struggle with the complexity and operational costs of managing software risk at scale. Software Risk Manager aims to provide teams with a holistic view of their application security posture while accelerating time to value and reducing the overall cost of their AppSec programs.
According to Gartner, application security posture management helps analyze security signals across the software development lifecycle to improve visibility, manage vulnerabilities, and enforce controls. Gartner predicts that by 2026, more than 40% of organizations developing proprietary applications will adopt ASPM to identify and resolve application security issues more rapidly.
Software Risk Manager builds on the core technologies of Synopsys’ Code Dx and Intelligent Orchestration products. It has been redesigned and enhanced to deliver a comprehensive ASPM solution that offers a range of benefits to teams:
1. Implement policy-driven AppSec at scale: The solution allows teams to centrally define and enforce universal security policies, specifying parameters for test execution and vulnerability management.
2. Unify user experience across disparate application security testing tools: It enables organizations to maximize the value of existing security investments while simplifying resourcing and operations. This also facilitates the transition and consolidation of tooling across teams.
3. Consolidate vulnerability reporting and management: Teams can obtain a complete picture of security risks across projects, teams, and tools. The solution normalizes, deduplicates, and prioritizes vulnerabilities, providing a clear overview for efficient risk management.
4. Simplify AppSec integration and orchestration in development workflows: Software Risk Manager allows the integration of security workflows within existing developer toolchains and systems. It also supports quick onboarding for existing projects and builds.
5. Optimize core application security testing: The solution enables efficient deployment, management, and reporting of core application security testing functions. It leverages the same market-leading SAST and SCA engines that power Synopsys’ well-known offerings, such as Coverity and Black Duck.
By offering these capabilities, Software Risk Manager aims to empower organizations to proactively manage software risk, prioritize vulnerabilities, and deliver secure applications. This solution not only enhances security measures but also helps organizations save time and reduce costs associated with application security. As software continues to play a crucial role in businesses, it is essential for organizations to have the right tools and strategies in place to effectively manage software risk.