In today’s increasingly interconnected world, various cybersecurity challenges can leave an organization open to numerous vulnerabilities, including software breaches, stolen data, and intrusions. To mitigate these vulnerabilities, Synopsys, Inc. recently announced that UL, an international safety science organization, has chosen the company’s software security testing tools to be used in their latest UL Cybersecurity Assurance Program (UL CAP).
UL CAP is a certification program, offered internationally, which delivers independent third-party assessments of network enhanced devices in line with UL 2900, UL’s cybersecurity development standard. This standard has received input from several stakeholders, including the US Department of Homeland Security.
The baseline established by UL 2900 encourages protection against software vulnerabilities and malware by establishing minimum risk guidelines. Synopsys’ Software Integrity Platform will be used to assess products and systems submitted into the UL CAP program against several requirements of UL 2900.
“It is encouraging that UL, one of the most prominent safety science organizations in the world, is stepping up to help address cybersecurity challenges linked to the proliferation of connected devices,” said Andreas Kuehlmann, senior vice president and general manager of Synopsys’ Software Integrity Group. “We believe their decision to collaborate with Synopsys in the early stages of the Cybersecurity Assurance Program speaks volumes about their commitment to building a framework that demonstrates integrity and testing rigor.”
UL CAP was recognized in the White House’s recent Cybersecurity National Action Plan as a key initiative to bolster the nation’s cybersecurity posture.
“This collaboration and the launch of the UL CAP program are the culmination of the diligent efforts between UL, Synopsys and many other stakeholders during the past year,” stated Mike Ahmadi, Global Director of Critical Systems Security for Synopsys’ Software Integrity Group. “Using industry-leading tools and technology and building on existing industry standards and best practices, this program has the potential to have an immediate and meaningful impact on the security of connected devices across several safety- and mission-critical industries.”
Synopsys’ testing tools for software will be used by UL to address the following, as part of the Cybersecurity Assurance Program:
Known Vulnerabilities and Exposures – Synopsys’ Protecode solution scans a product’s software executables and libraries for known vulnerabilities and exposures listed in the NIST National Vulnerability Database (NVD).
Software Weaknesses – Synopsys’ Coverity static code analysis tool will be used on all source code that is made available to the laboratory by the product vendor, to look for software weaknesses as identified in the SANS Top 25 and OWASP Top 10.
Robustness Testing – Synopsys’ Defensics solution, the fuzz testing tool used to discover the infamous Heartbleed vulnerability, tests all external interfaces and communication protocols of the product.
The Software Integrity Platform enables automated analysis and provides testing technologies that integrate seamlessly into the software development process. The platform can detect and remediate vulnerabilities early in the development cycle.
“Synopsys has been an invaluable contributor throughout the development and pilot phases of the UL Cybersecurity Assurance Program, and we will continue to collaborate with Synopsys to improve the program and its use of their tools,” said Rachna Stegall, Director of Connected Technologies, UL.