Synopsys Receives Highest Score among 10 SCA Providers in Strategy Category
Synopsys, Inc. (SNPS) announced it has been recognized as a leader in The Forrester Wave™: Software Composition Analysis, Q3 2021. The report identifies the 10 most significant vendors in the software composition analysis (SCA) market and evaluates them against 37 criteria grouped into three high-level categories: current offering, strategy, and market presence. Synopsys’ Black Duck SCA solution received the highest score among all 10 vendors in the strategy category and ranked second in the market presence category.
Recommended ITech News: Malware Attacks in Africa Are Increasing, Reaching 85 Million in Only 6 Months
The report states: “Unfortunately, as firms increasingly rely on external components, they expose themselves and their customers to greater risk when those components include critical vulnerabilities or don’t conform to company policies.” The report goes on to suggest that SCA customers should look for providers that “address risks in a wide range of nonproprietary components… advise developers on how to remediate vulnerabilities, license risks, and stale code…[and] analyze and bolster the software supply chain.”
Within the current offering category, Synopsys received among the top scores in the vulnerability identification criterion and the second highest score in the policy management criterion. According to the report, “Synopsys’s vulnerability detection capabilities are among the strongest in this Forrester Wave, and they are one of the few vendors in this Forrester Wave that conducts snippet analysis to identify potential license and copyright violations, a technique that several of their top competitors have dropped. Customer references appreciated the accuracy: ‘If Black Duck is reporting something as a problem, it’s a problem.’ References also rated Synopsys highly for vulnerability remediation guidance and prioritization.”
Within the strategy category, Synopsys received the highest scores possible in three of the six criteria: product vision, market approach, and corporate culture. The Forrester report notes that “Synopsys stands out for analysis depth and AST vision. Synopsys envisions embedding the full range of application security testing (AST) tools into developer workflows and tools so that development teams can uniformly prioritize and remediate flaws across proprietary, open source, and third-party components. The company’s SCA roadmap centers on developer enablement and the concept of intelligent progressive analysis: conducting different levels of analysis at different stages of the SDLC, depending on the need.”
“We’re proud to be recognized by Forrester as a leader in this SCA evaluation,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “Software composition and supply chain risk are now top of mind issues for development and security teams, and Synopsys continues to lead the way with a powerful combination of accuracy, performance and scale. Our vision of frictionless identification of all types of software risk throughout the SDLC delivers a seamless experience for developers and a proactive, prioritized view of risk for security teams.”