Synopsys, Inc. (NASDAQ:SNPS) , has released its DesignWare(R) controller and PHY IP for PCI Express 2.0 and 1.1 has passed Agilent Technologies' inline error injection testing utilizing Agilent's PCI Express Jammer tool. This unique tool injects disruptive test scenarios into a real-world hardware environment to increase test coverage. As the first intellectual property (IP) provider to pass these tests, Synopsys further demonstrates the reliability and robustness of its DesignWare IP for PCI Express, even under harsh system environments. Passing these tests gives designers confidence that the IP is of high quality, proven interoperable, and can be integrated into their designs with less risk and improved time to market. Synopsys will be demonstrating the DesignWare IP for PCI Express with Agilent's Jammer tool at the PCI-SIG Developers Conference in Frankfurt, Germany from March 9-10, 2009.
Agilent's PCI Express Jammer inline error injection tool sits between two PCI Express devices and modifies data streams in real-time, creating disruptive test scenarios. The Jammer tool generates test scenarios for almost all conceivable error recovery test cases, including correctable, uncorrectable non-fatal and uncorrectable fatal errors. Synopsys has supplemented its already extensive PCI Express IP verification process with Agilent's Jammer tool to further test error recovery and error handling in real-world situations. This additional verification enhances the quality and interoperability of the DesignWare IP for PCI Express with other PCI Express devices.
"Agilent is pleased to see that our newly introduced PCI Express Jammer test tool is providing our partners, and in turn their customers with so much immediate value," said Siegfried Gross, vice president and general manager of Agilent's Digital Test Division. "By utilizing Agilent's robust in-line error injection tool, Synopsys enables designers to integrate their leading DesignWare IP for PCI Express into high performance designs with less risk and improved interoperability while expediting their time to market."
As a leading provider of PCI Express IP, Synopsys offers a complete IP solution consisting of a suite of digital controllers for endpoint, root port, switch port and dual mode, PHY IP, and verification IP that are all compliant to the PCI Express 2.0, 1.1 and PIPE specifications. Synopsys is an active member of PCI-SIG and has more than 15 years of experience delivering silicon-proven PCI, PCI-X and PCI Express solutions resulting in hundreds of customer designs in volume production. Synopsys continues to take advantage of the latest verification techniques from industry leaders such as Agilent to further differentiate the quality of its IP. This commitment to high quality reduces the risk for designers integrating PCI Express into their high performance applications.
"Agilent and Synopsys have a long history of working together to help drive the adoption of PCI Express into the market. We first worked together to create the Protocol Test Card using the DesignWare IP for PCI Express, which is one of the 'gold tests' required for compliance at the PCI-SIG workshops," said John Koeter, vice president of marketing for the Solutions Group at Synopsys. "By extending this relationship with Agilent to be the first IP vendor to pass the Jammer inline error injection testing, Synopsys is providing designers with a high-quality IP solution that they can have confidence in."
Thursday, 5 March 2009
Fortify and Cigital Launch BSIMM
Fortify Software, and Cigital, a consulting firm specializing in software security, announced today the release of the "Building Security In Maturity Model (BSIMM)," the industry's first-ever set of benchmarks for developing and growing an enterprise-wide software security program.
Based on in-depth interviews with leading enterprises such as Adobe, EMC, Google, Microsoft, QUALCOMM, Wells Fargo, and Depository Trust & Clearing Corporation (DTCC), the BSIMM pulls together a set of activities practiced by nine of the most successful software security initiatives in the world. Unlike some industry standards, BSIMM is a structured set of practices based on real-world data rather than philosophy and ideas. BSIMM provides insight on what successful organizations actually do to build security into their software and mitigate the business risk associated with insecure applications.
"Microsoft's Security Development Lifecycle (SDL) was one of the first real enterprise software security methodologies, and we are always eager to share our ideas and best practices with the industry," said Steve Lipner of Microsoft. "BSIMM provides a public 'yardstick' for measuring the progress of any organization's own software assurance program."
"Software security has turned the corner from a good idea to a business necessity. The industry has finally reached a point where enough real experience has been accumulated to compare notes and talk about what works," said Dr. Gary McGraw, CTO of Cigital and author of Software Security. "Using BSIMM, an organization can determine where its software security initiative stands, figure out how to evolve its initiative strategically, or even get a brand new initiative off the ground. BSIMM is a tool for identifying realistic business goals and implementing those technical software security activities that make the most sense for an organization."
"Virtually every organization today relies on software to operate, and at the same time the threat to that software is at an all-time high," said Dr. Brian Chess, co-founder and Chief Scientist of Fortify Software. "Businesses need software that doesn't leak millions of identity records, gin up huge legal liabilities, or allow secrets to fall into the wrong hands."
Chess, McGraw and coauthor Sammy Migues collected data on each initiative's software security activities for strategy and metrics, training, standards and requirements, security testing, code review, etc., and uncovered a number of common themes among each of the successful initiatives, including:
-- The necessity of a Software Security Group: Each of the nine enterprises has a designated group of software security personnel -- the SSG -- tasked with carrying out and facilitating software security. Average SSG size is just over one percent of the size of the software development organization.
-- Advocacy over audit: Successful SSGs, even in regulated industries, always emphasize security education, technical resources, and mentoring rather than policing for security errors and handing out punishments.
-- Use of automated technologies: Each organization performs automated code review and deploys black box testing tools, but use of these technologies requires considerable SSG know-how.
-- Training for development: All organizations have an institutionalized security training curriculum for programmers, QA engineers, and project managers.
"I was surprised by the amount of common ground discovered between the financial services organizations, ISVs, and technology companies in the BSIMM study," said Jim Routh, CISO of Depository Trust & Clearing Corporation (DTCC). "All software security initiatives are by no means identical, but these findings demonstrate that an organization isn't going it alone when it comes to software security -- you can learn from your peers. The BSIMM encapsulates important lessons from the best programs around."
"Comprehensive software security involves a combination of people, processes, and technologies, and it almost always requires some change to the way the organization operates," said analyst Joseph Feinman, VP and Gartner Fellow. "As software security comes of age, using a maturity model will only help to accelerate your enterprise security initiative." The BSIMM is the first such maturity model created entirely from real-world data.
Over the next several months, Cigital and Fortify will gather data from other leading software security initiatives to enhance the study and provide additional insight on trends and activities particular to certain vertical industries and company sizes, among other factors.
Based on in-depth interviews with leading enterprises such as Adobe, EMC, Google, Microsoft, QUALCOMM, Wells Fargo, and Depository Trust & Clearing Corporation (DTCC), the BSIMM pulls together a set of activities practiced by nine of the most successful software security initiatives in the world. Unlike some industry standards, BSIMM is a structured set of practices based on real-world data rather than philosophy and ideas. BSIMM provides insight on what successful organizations actually do to build security into their software and mitigate the business risk associated with insecure applications.
"Microsoft's Security Development Lifecycle (SDL) was one of the first real enterprise software security methodologies, and we are always eager to share our ideas and best practices with the industry," said Steve Lipner of Microsoft. "BSIMM provides a public 'yardstick' for measuring the progress of any organization's own software assurance program."
"Software security has turned the corner from a good idea to a business necessity. The industry has finally reached a point where enough real experience has been accumulated to compare notes and talk about what works," said Dr. Gary McGraw, CTO of Cigital and author of Software Security. "Using BSIMM, an organization can determine where its software security initiative stands, figure out how to evolve its initiative strategically, or even get a brand new initiative off the ground. BSIMM is a tool for identifying realistic business goals and implementing those technical software security activities that make the most sense for an organization."
"Virtually every organization today relies on software to operate, and at the same time the threat to that software is at an all-time high," said Dr. Brian Chess, co-founder and Chief Scientist of Fortify Software. "Businesses need software that doesn't leak millions of identity records, gin up huge legal liabilities, or allow secrets to fall into the wrong hands."
Chess, McGraw and coauthor Sammy Migues collected data on each initiative's software security activities for strategy and metrics, training, standards and requirements, security testing, code review, etc., and uncovered a number of common themes among each of the successful initiatives, including:
-- The necessity of a Software Security Group: Each of the nine enterprises has a designated group of software security personnel -- the SSG -- tasked with carrying out and facilitating software security. Average SSG size is just over one percent of the size of the software development organization.
-- Advocacy over audit: Successful SSGs, even in regulated industries, always emphasize security education, technical resources, and mentoring rather than policing for security errors and handing out punishments.
-- Use of automated technologies: Each organization performs automated code review and deploys black box testing tools, but use of these technologies requires considerable SSG know-how.
-- Training for development: All organizations have an institutionalized security training curriculum for programmers, QA engineers, and project managers.
"I was surprised by the amount of common ground discovered between the financial services organizations, ISVs, and technology companies in the BSIMM study," said Jim Routh, CISO of Depository Trust & Clearing Corporation (DTCC). "All software security initiatives are by no means identical, but these findings demonstrate that an organization isn't going it alone when it comes to software security -- you can learn from your peers. The BSIMM encapsulates important lessons from the best programs around."
"Comprehensive software security involves a combination of people, processes, and technologies, and it almost always requires some change to the way the organization operates," said analyst Joseph Feinman, VP and Gartner Fellow. "As software security comes of age, using a maturity model will only help to accelerate your enterprise security initiative." The BSIMM is the first such maturity model created entirely from real-world data.
Over the next several months, Cigital and Fortify will gather data from other leading software security initiatives to enhance the study and provide additional insight on trends and activities particular to certain vertical industries and company sizes, among other factors.
Subscribe to:
Posts (Atom)
