Synopsys to Acquire Codenomicon
Gabe Moretti, Senior Editor
After what many thought was a diversion of focus when Synopsys acquired Coverity, the company is making another bold move with the announced acquisition of Codenomicon.
Based in Finland, Codenomicon is well-known and highly respected in the global software security world with a focus on software embedded in chips and devices.
The official Synopsys release states: “The additional talent, technology and products will expand Synopsys’ presence in the software security market segment and extend the Coverity quality and security platform to help software developers throughout various organizations quickly find and fix security vulnerabilities and protect applications from security attacks.”
Fine thought and certainly true. But looking at the security problems, those already found and those yet to be written about, in the IoT architecture, I think that Synopsys should not minimize the impact that the technologists at Codenomicon will have on the EDA market.
“Businesses are increasingly concerned about the security of their applications and protecting customer data. Adding the Internet of Things to the mix increases the complexity of security even further. During the past 15 months, the world was hit by major security breaches such as Heartbleed, Shellshock, etc.,” said Chi-Foon Chan, president and co-CEO of Synopsys. “By combining the Coverity platform with the Codenomicon product suite, Synopsys will expand its reach to provide a more robust software security solution with a full set of tools to help ensure the integrity, privacy and safety of an organization’s most critical software applications.”
Codenomicon’s customer base includes some of the world’s leading organizations in telecommunications, finance, manufacturing, software development, healthcare, automotive and government agencies. But as part of Synopsys, Codenomicon’s solutions deliver a more comprehensive security offering for the software development lifecycle by adding its Defensics tool for file and protocol fuzz testing, and its AppCheck tool for software composition analysis and vulnerability assessment, to the embedded software used in electronics systems.
The Codenomicon Defensics tool, used to discover the Heartbleed bug, automatically tests the target system for unknown vulnerabilities, helping developers find and fix them before a product goes to market. It is a systematic solution to make systems more robust, harden them against cyber-attacks and mitigate the risk of 0-day vulnerabilities. The Defensics tool also helps expose failed cryptographic checks, privacy leaks or authentication bypass weaknesses. The Defensics tool is heavily used by buyers of Internet-enabled products to validate and verify that procured products meet their stringent security and robustness requirements.
The Codenomicon AppCheck tool adds software composition analysis (SCA) capabilities to the Coverity platform, helping customers reduce risks in third-party and open source components. When using the AppCheck tool, customers are able to obtain a software bill of materials (BOM) for their application portfolios, and identify components with known vulnerabilities.