by Yuliya Pliavaka
In the last few years, we have seen an increased number of cyber-attacks affecting a record number of systems, ransomware spreading around the world, and numerous data breaches. With all this happening, the question is: how do we eradicate the problem? One of the ways to reduce existing risks in the industry is to bring more attention to Software Security and its integration into all industry domains. We discussed the importance of Software Security with David Lim, Head of the APAC Marketing Team, who works in the Synopsys Software Integrity Group.
There is a broad level of awareness on the importance of software security across the industry. Widely published vulnerabilities such as Heartbleed, Jeep CAN Bus zero-day or Stagefright and data breaches like the ones at Equifax, Yahoo and Target have catapulted the issue of software security into the realm of public discourse.
However, the industry has been responding in a staggered manner. The economic impact of these vulnerabilities and breaches tends to drive the response, and the need to implement software security across the industry. We have seen that large independent software vendors (ISVs) are at the forefront of incorporating security into their development environment and user platforms. They are followed by financial institutions and by retailers. The uptake is relatively lower in the electronics consumer goods, IoT, automotive, aerospace and medical devices industries.
Specifically in India, given the breadth of software companies that are resident here, we see independent software vendors have tended to address security with more attention than the rest. Broadly speaking, the level of security implementation across the rest of the Indian industry has lagged comparable markets across the world.
The challenges we see are 3-fold. The first is education versus awareness. Security needs to be incorporated right from the development stages, followed by testing and then in production builds. Many decision makers in the industry are broadly aware of the need for secure development environments, but their focus on security implementation outside of the testing environment needs to grow a long way.
The next challenge is to incorporate an acceptable level of code quality, security checks and compliance, where it becomes a part of the development mindset in a seamless way. Security is often treated as an afterthought.
Finally, there is a pressing need to actively track vulnerabilities and keep scanning and testing your implementation environments. Actively looking for vulnerabilities, and breaches, will help to reduce the potential impact of an attack on your end product.
Synopsys solutions for training, security and quality products, and services are aligned along these three axes.
The concept behind Software Integrity is to create software that is free of security and quality defects the first time it is released, reducing risk, improving productivity and reducing costs.
There are 8 common goals Synopsys helps businesses to achieve:
Yes, every organization today needs to have a Software Security Program irrespective of the domain they are in. Since we are moving towards an automated world of software and Artificial Intelligence, we have to have special attention towards security implementation. This brings confidence to the organization and also to the customers who feel secure being a part of a secured environment.
We have a vision of shifting left and helping organizations to implement security right from the start. The Software Integrity Platform, which we have put in place, is in line with this vision of making software better and more secure.
Awareness is fundamentally important. Training developers and using tools that help them find bugs at early stages should be the prime step. The next step is testing the developed software for its robustness, and looking into the details of the OSS usage should be progressive and intense. There have to be strong and strict policies to adhere to with regard to the security implications.
The main purpose of Synopsys is to share our knowledge and educate attendees on the existing technologies that we possess and help them build a strong security practice in their organization with us. Overall, Synopsys is there to help its customers to become more secure and robust against any future attacks that may prevail.
Events like NullCon provide an excellent platform for the software development community in the country to network and exchange best practices, share and learn the latest solutions and technologies available in the application security arena. Participants get to hear from leading industry experts, obtain hands-on experience at the workshops and are also able to view state-of-the-art solutions from the numerous exhibitors.
Visit the Synopsys booth at the Exhibition Area at nullcon Goa 2018 if you would like to know more about Software Security and the Software Integrity Program.
Interview by Yuliya Pliavaka.