Synopsys and ReversingLabs Expand Software Supply Chain Risk Management Agreement to manage Open-Source and Commercial Third-Party Software Supply Chain Risks

dark keyboard

Editor’s brief: Synopsys and ReversingLabs join to deliver complete software supply chain risk management for open source and commercial third party applications. Users may meet all software bill of materials (SBOM) requirements and avoid software supply chain hazards in their software development and continuous integration and continuous delivery (CI/CD) processes with the new alliance. Read more below.

SINGAPORESynopsys, Inc. (Nasdaq: SNPS) and ReversingLabs announced a software supply chain risk management collaboration today. Synopsys Software Integrity Group’s market-leading open-source scanning capabilities of Black Duck® and ReversingLabs’ Software Supply Chain Security (SSCS) Platform address complete software bill of materials (SBOM) requirements and software supply chain threats as part of their software development and CI/CD processes.

Black Duck software composition analysis addresses open-source code security, quality, and licensing compliance issues in apps and containers. Black Duck scans commercial third-party components for vulnerabilities, viruses, and software manipulation with the ReversingLabs SSCS Platform. These features help detect malware, software manipulation, and software abnormalities before release to prevent supply chain assaults. Synopsys may now resell the ReversingLabs SSCS Platform with Black Duck to automatically generate actionable SBOMs throughout the software supply chain.

“Software and security leaders are looking to Synopsys to lead in delivering complete solutions to secure the rapidly evolving software supply chain threat landscape,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “ReversingLabs provides the perfect complement to our expertise in open-source risk and application security by layering in some of the most advanced security technology available for identifying and eliminating security risk from commercial and third-party software components. Together, we can produce accurate and complete SBOMs that include all sources of software in the supply chain.”

By 2025, 45% of organizations will encounter software supply chain assaults, according to Gartner. Thus, organizations will increase pressure on software providers and their internal software development initiatives to demonstrate security best practices.

“Recent software supply chain attacks on open-source and commercial third-party software require a new approach to software resilience,” said ReversingLabs CEO, Mario Vuksan. “This means organisations must strive for a more holistic view of the software supply chain, a deeper understanding of complex software package composition, including open-source and commercial third-party components, and a more comprehensive view of software behaviour. With Synopsys, our combined efforts will not only ensure regulatory needs are met but truly enable developers and security managers to avoid software threats and prioritize and action software risks and quality issues.”