Synopsys, Inc. has announced that UL has selected Synopsys’ software security testing tools for use in the newly launched UL Cybersecurity Assurance Program (CAP). The UL CAP is an international certification program that provides independent third-party security assessment of network‐connectable devices in accordance with UL 2900, a series of cybersecurity standards developed with input from a large group of stakeholders, including the US Department of Homeland Security, Synopsys and other members of the security industry.
UL 2900 establishes a baseline of protection against known vulnerabilities, software weaknesses and malware, and provides a minimum set of security risk controls. UL is using security testing tools from Synopsys’ Software Integrity Platform to assess products and systems submitted into the CAP program against several requirements of UL 2900.
The White House recently recognized the UL CAP in the Cybersecurity National Action Plan as a key initiative in the coordinated effort between the Department of Homeland Security and the private sector to enhance the Nation’s critical infrastructure security and resilience.
“It is encouraging that UL, one of the most prominent safety science organizations in the world, is stepping up to help address cybersecurity challenges linked to the proliferation of connected devices,” said Andreas Kuehlmann, senior vice president and general manager of Synopsys’ Software Integrity Group. “We believe their decision to collaborate with Synopsys in the early stages of the Cybersecurity Assurance Program speaks volumes about their commitment to building a framework that demonstrates integrity and testing rigor. This program is well-aligned with our platform of security testing solutions, and it amplifies the importance of ‘Software Signoff’, a holistic and thorough methodology enabled by our platform for integrating security testing throughout the development lifecycle and software supply chain.”
“This collaboration and the launch of the UL CAP program are the culmination of the diligent efforts between UL, Synopsys and many other stakeholders during the past year,” said Mike Ahmadi, global director of critical systems security for Synopsys’ Software Integrity Group. “Using industry-leading tools and technology and building on existing industry standards and best practices, this program has the potential to have an immediate and meaningful impact on the security of connected devices across several safety- and mission-critical industries.”
UL will use Synopsys’ software testing tools to address the following components of the Cybersecurity Assurance Program:
- Known Vulnerabilities and Exposures: Synopsys’ Protecode solution scans a product’s software executables and libraries for known vulnerabilities and exposures listed in the NIST National Vulnerability Database (NVD).
- Software Weaknesses: Synopsys’ Coverity static code analysis tool will be used on all source code that is made available to the laboratory by the product vendor, to look for software weaknesses as identified in the SANS Top 25 and OWASP Top 10.
- Robustness Testing: Synopsys’ Defensics solution, the fuzz testing tool used to discover the infamous Heartbleed vulnerability, tests all external interfaces and communication protocols of the product.