Hi [[ session.user.profile.firstName ]]

Synopsys - Software Integrity Group Webcasts

  • Date
  • Rating
  • Views
  • Breaking Down DevSecOps: Build AppSec Into Your CI/CD Pipeline with SAST and SCA
    Breaking Down DevSecOps: Build AppSec Into Your CI/CD Pipeline with SAST and SCA Amy DeMartine, Forrester Principal Analyst and Patrick Carey, Synopsys Recorded: Mar 1 2018 60 mins
    While software grows more complex and the pace of development accelerates, the stakes for building secure software have never been higher. If you’re like most teams embracing a DevOps culture, you’re focused on breaking down silos, streamlining workflows, and cranking out functional software at a nearly continuous clip. Amid all these fundamental changes, how do you ensure your software is secure without clogging up the pipeline?

    Listen as guest Forrester Principal Analyst, Amy DeMartine and Black Duck Open Source Security Expert, Patrick Carey come together to discuss how to automate and distribute application security testing across the SDLC. In this webinar, we’ll discuss

    - Why it's important to build application security into your development and operations toolchains and processes
    - Best practices for integration application security throughout the application lifecycle
    - How to use SAST and SCA together to maximize the security of the software your teams deliver
  • Silver Bullet Podcast #143 with Elena Kvochko
    Silver Bullet Podcast #143 with Elena Kvochko Gary McGraw Recorded: Feb 26 2018 27 mins
    Elena Kvochko is the CIO for the Group Security Function within a leading financial services organization. Previously she was an information technology manager at World Economic Forum, where she led global partnership programs on cyber resilience and the Internet of Things. She was also responsible for building relationships with information technology industry partners. Elena is the author of numerous articles and has contributed to Forbes, the New York Times, Harvard Business Review, and other media outlets. She is also a member of the Wall Street Journal CIO Network. She holds full CISSP and CEH certifications and has a master’s degree in technology policy from the University of Massachusetts, as well as executive certificates from MIT and Yale. She lives in New York City.

    Listen as Gary and Elena discuss security policy, security technology, the role of a CIO, holistic security tactics, the economics of a security breach, and more.
  • GDPR’s Influence on Security: Best Practices to Support GDPR
    GDPR’s Influence on Security: Best Practices to Support GDPR Adam Brown, Manager, Security Solutions at Synopsys, Daniel Hedley, Partner at Irwin Mitchell LLP Recorded: Feb 22 2018 63 mins
    If your organisation competes in the global market, you should expect GDPR to have a critical influence on the software that powers your business. Having a disciplined software security approach will help you not only identify, remediate, and prevent weaknesses in your software but also avoid violating GDPR.

    Listen as experts Adam Brown of Synopsys and legal expert Dan Hedley of Irwin Mitchell, LLP provide insights into what GDPR requirements mean for your security initiative, how your existing security activities can support compliance, and best practices to keep in mind as you look to mature your software security program.

    About the Presenters:

    Adam Brown is Associate Managing Consultant at Synopsys in the software security consulting division. His background is in software security testing focusing on data centric web application security. Currently he specialises in helping organisations set up their software security initiatives, delivers training in software security and takes a keen interest in the GDPR from both data security and data privacy threat perspectives.

    Dan Hedley is a partner at UK law firm Irwin Mitchell LLP. He is a specialist IT lawyer, focusing in particular on software licensing and development, IT service contracts, outsourcing and cloud services. He also advises on open source compliance, data protection, software IP issues and the IT aspects of M&A and IPO transactions. He regularly acts for both established corporates and early-stage and fast growth businesses.”
  • *AST in CI/CD - How to Make it Work
    *AST in CI/CD - How to Make it Work Ofer Maor Recorded: Feb 13 2018 55 mins
    SAST, IAST, DAST, MAST, *AST – There are plenty of technologies and ways to test your software, but how do we do that without slowing us down in a rapid development environment. In this talk we will give practical advice on how to integrate software security testing into your CI/CD and your development process so it works. The talk will review the pros and cons of each of the testing technologies, and how to adapt it to rapid development, and how to manage the balance between risk and speed to build a proper signoff process, so that real threats will become blockers, but other issues will be handled in a parallel slower cycle, without slowing down the main delivery.
  • Going Tribal With CISOs
    Going Tribal With CISOs Gary McGraw, VP Security Technology, Synopsys Scott Crawford & Dan Kennedy, Research Director, 451 Research Recorded: Jan 31 2018 67 mins
    CISOs play an important role in our software-driven world, but what they do on a daily basis—and why—have largely remained a mystery—at least until we studied them in the wild and created the CISO Report.

    Join us as Gary McGraw, CISO Report author and VP of security technology at Synopsys, along with analysts Scott Crawford and Dan Kennedy from 451 Research discuss the evolving role of the CISO and what this novel study reveals:

    - What are the four newly identified CISO tribes, and which characteristics distinguish them?
    - How can knowing your tribe advance your organization’s security initiatives and spur career development?
    -Why does your CISO’s tribe reflect the priorities and dynamics within your organization?
  • Silver Bullet Podcast #142 with Craig Froelich
    Silver Bullet Podcast #142 with Craig Froelich Gary McGraw Recorded: Jan 17 2018 31 mins
    Craig Froelich is the chief information security officer (CISO) for Bank of America. He leads the Global Information Security team responsible for security strategy, policy, and programs. Before moving to Bank of America through acquisition, he was responsible for Countrywide’s cyber security technology, networks, crisis management, and security operations. Craig has over a decade of experience in product management and application development for software and hardware companies. He also serves on the board of FS-ISAC and the executive committee of BITS. On Twitter, he describes himself as “a SoCal dude learning to be a southern gentleman” as a Los Angeles transplant to Charlotte, North Carolina, where he lives with his family.

    Listen as Gary and Craig discuss the role of the CISO in the financial services ecosystem and the newly released 2018 CISO Report.
  • The 2017 Open Source Year in Review
    The 2017 Open Source Year in Review Mark Radcliffe, Partner, DLA Piper/Counsel OSI; Phil Odence, Sr. Director / GM at Black Duck Software by Synopsys Recorded: Jan 17 2018 60 mins
    Gain insights into these important legal developments from two of the leading open source legal experts, Mark Radcliffe, Partner at DLA Piper and General Counsel for the Open Source Initiative and Phil Odence, Sr. Director and General Manager at Black Duck Software by Synopsys. This annual review will highlight the most significant legal developments related to open source software in 2017, including:
    - Current litigation
    - An open source security update
    - Blockchain and its forks
    - Software Package Data Exchange (SPDX) and OpenChain
    - GDPR
    - And more
    Live attendees will be receiving a CLE credit for this webinar.
  • Silver Bullet Podcast #141 with Bruce Potter
    Silver Bullet Podcast #141 with Bruce Potter Gary McGraw Recorded: Dec 28 2017 34 mins
    Bruce Potter is CISO at Expel, where he is responsible for cyber risk and ensuring the secure operation of Expel’s services. Previously, Bruce co-founded Ponte Technologies (sold to KeyW Corporation). He then served as CTO at KeyW for 2 years. Before that, Bruce was a security consultant at Cigital. In a seemingly previous life, Bruce founded the Shmoo Group. To this day, he helps run the annual hacker conference ShmooCon. He has co-authored several books, including “802.11 Security,” “Aggressive Network Self-Defense,” and “Host Integrity Monitoring.” Bruce regularly speaks at DEF CON, Black Hat, and O’Reilly Security conferences. He lives in Maryland with his family.

    Listen as Gary and Bruce discuss ShmooCon, the state of software security books, network security trends, hacking back, the relationship between preventative security engineering and operational security, DevOps, the CISO role, and more.
  • 4 Steps to Risk Ranking Your Vulnerabilities
    4 Steps to Risk Ranking Your Vulnerabilities Mike Pittenger, VP Security Strategy, Black Duck Software Recorded: Dec 19 2017 29 mins
    Vulnerabilities are an inevitable part of software development and management. Whether it’s open source or custom code, new vulnerabilities will be discovered as a code base ages. A 2017 Black Duck analysis of code audits conducted on 1,071 applications found that 97% contained open source, but 67% of the applications had open source vulnerabilities, half of which were categorized as severe. As the number of disclosures, patches, and updates grows, security professionals must decide which items are critical and must be addressed immediately and which items can be deferred.
    Join Black Duck’s VP of Security Strategy, Mike Pittenger, for a 30-minute discussion of best practices in open source security and vulnerability management. You’ll learn:
    - Methods for determining which applications are most attractive to attackers, and which pose the greatest risk
    - Ways to assess the risk associated with a disclosed open source vulnerability
    - Strategies to minimize the impact of open source security vulnerabilities when immediate fixes can’t be made
  • Black Duck Container Security MasterClass - Deploying Containers at Scale
    Black Duck Container Security MasterClass - Deploying Containers at Scale Tim Mackey, Sr. Technology Evangelist, Black Duck Recorded: Dec 14 2017 58 mins
    IT operations teams are now deploying and running hundreds or even thousands of containers at any given time. This rapid deployment surfaces challenges in validating the contents and security of container images being deployed. In this session, Black Duck container and virtualization expert Tim Mackey will provide an overview of technologies and solutions such as Red Hat OpenShift that enable organizations to deploy containers at scale securely.

    In this webinar, Tim Mackey explores this new era of large scale container deployments and how to manage and secure them.

    Attend and you'll learn:

    - How to maintain visibility and control for the open source deployed in hundreds of containers
    - How to help your development and operations teams work together to maintain the security of containers in production
    - How to build security into your deployment of container orchestration platforms
    - Measures you can take to proactively identify risks and remediate risks on containers in production
    - How you can use Black Duck OpsSight to scan containers being created, updated or deployed through their container orchestration platforms

Embed in website or blog