News item submitted by Elizabeth Samet, Public Relations Manager, Synopsys
Read the full post on Synopsys blog here
The latest release of Coverity by Synopsys features seamless integration with our completely rebuilt eLearning platform, an on-demand developer training solution focusing on secure coding best practices and security guidance.
On-demand developer training enables development teams
Synopsys eLearning is an outcome-driven, learner-centric training solution that makes learning about security easy, relevant, and accessible. With eLearning, learners have on-demand access to an immersive, continuous learning ecosystem that unifies security expertise, instructional design, and storytelling into an intuitive platform. Features include:
- Content gamification
- Modularized courses
- Hands-on exercises
- Peer-based discussions
- Role-based training
- Training impact metrics
These features, among many others, enable developers to actively build their security competency.
The integration provides developers who have eLearning licenses and accounts with convenient access—directly from the Coverity interface—to short, context-relevant training modules to help them address security issues Coverity detects in their code.
“As more organizations adopt rapid and iterative development methodologies, it is increasingly important to shift security left in the development process. That means equipping developers with the tools and training they need to take ownership of the security of their code. Finding and fixing vulnerabilities early and teaching developers to avoid security missteps in the first place results in more secure code, and it also prevents costly rework and unnecessary delays.”
—Andreas Kuehlmann, senior vice president and general manager, Synopsys Software Integrity Group
What benefits does the Coverity-eLearning integration provide?
The integration provides developers with context-specific application security learning lessons based on the CWEs (Common Weakness Enumerations) detected by Coverity. It uses a proprietary vulnerability analysis tool to match detected CWEs with relevant eLearning course content based on a highest-confidence-level algorithmic assessment. Unlike other training tools, eLearning can link to specific lessons in a course to ensure developers quickly receive the most relevant information, rather than having to search through an entire course.
eLearning includes 37 courses covering a wide range of application security topics, including risk analysis, authentication, security standards, defensive programming for web and mobile apps, threat modeling, security testing strategy, and more.
Learn more about Synopsys eLearning
What else is in Coverity 2018.06?
The latest release of Coverity includes security analysis enhancements to detect more vulnerabilities across a variety of programming languages and frameworks, as well as continued support of the latest coding standards for embedded software.
- Coverity is one of the first SAST solutions to provide specific security checkers that identify source code segments that are potentially susceptible to Spectre attacks.
- Coding standards. Coverity enables customers to quickly develop apps that comply with the industry standards that matter most to their business. Coverity now supports the OWASP Top 10 2017 for JavaScript, CERT C++, MISRA C:2012 TC1, and DISA STIG. Coverity can also be used to mitigate critical software engineering weaknesses identified by CISQ.
- Enhanced security analysis. Coverity provides new framework and security checker support for Python, Java, and Swift