Synopsys expands security signoff solution with Cigital and Codiscope acquisition

Today Synopsys signed a definitive agreement to acquire two premier security companies. Cigital, headquartered in Dulles, Virginia, is a large application security firm specializing in professional and managed services for identifying, remediating, and preventing vulnerabilities in software applications. Codiscope, headquartered in Boston, Massachusetts, is focused on security developer tools and training modules, which Cigital distributes. The two companies are strategically aligned with Synopsys, with a shared vision of building security into the software development life cycle and across the cyber supply chain.

The cyber security landscape is becoming increasingly complex, and many organizations are struggling to determine the right software solution in the context of a multitude of point tool offerings and varying vendor strategies. This is particularly true across a broad range of industries, from enterprise and financial services, to medical devices, industrial control systems, and automotive. Having a complete end-to-end solution is vital.

Cigital consultants are instrumental in guiding organizations from the earliest stages of security readiness and system maturity, which will provide an impactful addition to Synopsys' current product-based offering. Codiscope's developer-focused tools and training modules are important in empowering developers to prioritize security. Together, we will provide what I believe will be the most comprehensive, state-of-the-art security signoff solution available in the market.

Our Synopsys Software Integrity Platform will now include:

Best-in-class products for the software development life cycle

• Static code analysis tools with the industry's lowest false-positive rate, which developers love and use to eliminate defects as the code is developed. This includes static application security testing (SAST), as well as testing for complex quality defects, covering a wide spectrum of security and safety standards such as OWASP Top 10, CWE Top 25, MISRA, and CERT C.
• Fuzz testing tools to identify difficult-to-find quality and security defects through dynamic testing with out-of-the-box support for more than 250 standard protocols and file formats.
• Software composition analysis (SCA) tools to identify known security vulnerabilities and license violations that can analyze a wide variety of software applications and support dozens of languages and binary formats.
• Category-defining interactive application security testing (IAST) tools for web application security testing.
• Automatic and on-the-fly coaching and computer-based training modules that help developers learn secure coding best practices without getting in their way.