My Published Work

[Report] Open Source Security and Analysis Report | Synopsys

The overall percentage of codebases containing security vulnerabilities remains troublingly high. After a year of modest progress, there was another slight uptick (4%) in vulnerabilities during 2022.

While overall vulnerabilities were slightly up, the percentage of codebases with high-risk vulnerabilities was down 2% from last year, to 48%. Also promising was fewer instances of Log4J, which was found in 11% of audited Java codebases this year, down from 15%. While an improvement, this poin

[White Paper] Benefits of a Design Quality Audit in Due Diligence Evaluations | Synopsys

Mergers and acquisitions in the technology space—especially software technology—demand a thorough and meticulous review of the target company's software system architecture. Stakeholders require a rigorous evaluation, not just of the software overall but of the code it's composed of.

The prevalence of open source and its associated licenses in today's applications makes this review and evaluation process a particularly daunting task. It's a labor-intensive effort, but failure to perform it adequ

[BLOG] Explore AI Code Analysis API for Secure Software | Synopsys Blog

With generative AI tools like ChatGPT, GitHub Copilot, and Tabnine flooding the software development space, software developers are quickly adopting these technologies to help automate everyday development tasks. And the use of these AI tools is continuing to expand exponentially, as evidenced by a recent Stack Overflow survey that found an overwhelming 70% of its 89,000 respondents are either currently employing AI tools in their development process or are planning to do so in 2023.

In respons

[Webpage] Application Security for Financial Services | Synopsys

As a provider of financial services, you depend on client trust, privacy, and risk management. It’s imperative that you protect the sensitive data your clients entrust you with from cyber attacks and data breaches. You need a solution that incorporates enterprise risk management (ERM) capabilities, not only to protect your company from the potential business impacts of a crisis but also to shield shareholders, customers, and the industry at large from any ripple effects.

[Report] Solving Financial Services Institute Challenges with the Synopsys AppSec Solution Suite | Synopsys

Organizations in the financial services industry (FSI) are constantly evolving to adopt new technologies aimed at automating internal processes, improving margins, and modernizing online and mobile experiences for their customers. At the same time, these organizations must quickly transform and streamline their DevOps and security practices to accommodate the rapid increase in development velocity.

But what happens when security doesn't keep pace?

In the FSI, the consequences of mismanaging so

[Video Series] AppSec Decoded

• Pillar three of the United States National Cybersecurity Strategy calls for the executive and legislative branches to shape market forces to drive security and resilience. Within this pillar, it calls for vendors to be held liable for damages caused by their products if they haven’t built reasonable security measures into them. Learn which important security standards will become part of these reasonable security measures, and how the safe harbor clause protects organizations that experience

[BLOG] Consolidation: The wave of the (AST) future | Synopsys

Complicated and messy AppSec programs are yielding a three-fold problem: undue complexity, unmeasurable or unknown levels of risk for the business, and inefficient resource management. The combined result is a fragmented picture of overall risk for the business and no actionable data to inform pointed steps toward improving its security posture.

In a recent report, “Top Trends in Cybersecurity—Survey Analysis: Cybersecurity Platform Consolidation,” Gartner’s findings arrive at a recommended s

Uros - Application Security Customer Case Study | Synopsys

Prior to implementing Black Duck, the company’s open source was managed manually, with GitHub and custom-built open source scanners. This was not only labor-intensive, but it failed to identify hidden security concerns. UROS also couldn’t scale this approach across its growing business and suspected that there were a multitude of unidentified concerns that needed to be addressed.

Korkiakoski noted numerous benefits that UROS now enjoys from the implementation of Black Duck—some of which were un

[eBOOK] Securing Your Software Supply Chain: A Solution Guide | Synopsys

The software supply chain comprises everything that touches an application or plays a role in its assembly, development, or deployment. This includes proprietary and open source code, components built by your development team as well as those provided by third parties, APIs and cloud services employed by your software, and the infrastructure used to build and deliver that software to the end user.

The final product—and its users—is affected by every component, person, activity, material, and proce

[Report] Peril in a Pandemic: The State of Mobile Application Security | Synopsys

Limitations driven by social distancing and lockdowns have moved the world online in remarkable ways, perhaps forever changing how we work, learn, and interact. The result is a culture increasingly reliant on our devices—and their applications—to conduct daily activities across every area of our lives, from lifestyle to education to finance.

But how secure are those applications? Are they worthy of the trust we place in them every day?

Through the lens of the COVID-19 pandemic, Synopsys analyz

Effective Malicious Code Detection Strategies | Synopsys Blog

First, you breathe a huge sigh of relief that you found the problem before it caused any lasting damage (data theft, keystroke logging, money siphoning, or some other subverted function of the application).

But then you think, if someone inserted malicious code into one application, what’s to stop them from targeting another?

You need to unmask the culprit.

Malicious code can be injected into an executable as early as the development of an open source component, and as late as the final product

Essential Guide to Securing Cloud-Native Applications | Synopsys Blog

What containers are, and what they’re not

Physical shipping containers, originally created to ease the transportation of goods and materials on cargo ships, provided a standardized way of packing things. Whether a sports car from Italy or coffee from South Africa, goods were packed and shipped in exactly the same way. The simplification this provided sparked an explosion in international trade and economic growth.

Likewise, a century later, when Docker engineers produced container technology for software ap