Synopsys’s Israeli acquisition materializes as a security software

14 August, 2016

Synopsys launches Seeker 3.8 Runtime Security Analysis Tool for Web Applications, based on Israeli technology acquired in the Quotium 2015 acquisition

Synopsys launches Seeker 3.8 Runtime Security Analysis Tool for Web Applications, based on Israeli technology acquired in the Quotium 2015 acquisitionSEEKER

Synopsys announced last week the version 3.8 release of its Seeker product, the company’s runtime security analysis solution and one of the latest additions to its Software Integrity Platform. Seeker analyzes web application code and data flows at runtime using a technique known as an Interactive Application Security Testing (IAST), which detects and confirms exploitable security vulnerabilities and provides actionable guidance that enables developers to address their root causes with ease. The Seeker 3.8 release includes improvements to its security analysis, usability and technology support.

According to Synopsys, Seeker 3.8 has the ability to detect known vulnerabilities in web applications’ open source and third-party software components through a turnkey integration with Synopsys’ Protecode Supply Chain (SC) technology. Seeker 3.8 automatically scans target web application binaries and produces a list of the detected open source and third-party dependencies (also known as a software bill of materials), a list of known vulnerabilities affecting its components, and pertinent software license attributes.

“Modern web applications depend on an increasingly vast and complex supply chain of open source and third-party software components,” said Andreas Kuehlmann, senior vice president and general manager of Synopsys’ Software Integrity Group. “There are thousands of known vulnerabilities that affect commonly used components, and they represent low-hanging fruit for attackers. Software composition analysis is an invaluable complement to Seeker’s runtime security analysis as it provides a more comprehensive view of an applications’ risk posture.”

 

Web technology based on Chip technology

Synopsys’s latest software is based on Israeli technology. Acquired as part of the Quotium acquisition in 2015. The main asset of the European company was its flagship product Quotium Seeker, and its Israel based development team. “Synopsys’ growth strategy is built on three pillars: leadership in EDA, growth in IP, and growth in software application quality and security,” said Kuehlmann. “The acquisition of Seeker and the Seeker R&D team can drive growth in this third pillar by addressing the web application security needs of the enterprise market.

“We’ve seen how the Coverity platform finds security defects in the developer workflow and believe Seeker can augment that process into further stages of the agile software development lifecycle,” said Ofer Maor, co-founder and CTO of Quotium. “We’re looking forward to being part of Synopsys and better helping organizations resolve security issues across the software development lifecycle.”

The new software technologic origins lie in EDA, from which they drifted to the QA field. The design of electronic systems is characterized by highly complex processes and a wide scale use of third party modules which are separate intellectual property units, whether from different units in an organization or from external suppliers. These units have to be thoroughly verified in each development step, in order to ensure the successful completion of the development process.

The solution adopted by the semiconductor industry is called signoff: a series of verification steps that must be passed before a design can be tapped out. Synopsys has translated this methodology into the field of Software integrity, and is now implementing this methodology in its blend of coverity and the Israeli Seeker software.

Posted in: Deals and Investments , News , Security , Software and IT