Hi [[ session.user.profile.firstName ]]

Synopsys - Software Integrity Group Webcasts

  • Date
  • Rating
  • Views
  • Software is eating the world. The Embedded World that is.
    Software is eating the world. The Embedded World that is.
    Art Dahnert Recorded: May 10 2018 23 mins
    And all that code needs to be secure. This presentation will discuss what happens when unsecured code on IoT/Embedded devices are released to the unsuspecting public and how the security industry (Synopsys) can help prevent this in the future. I will cover how the latest software development techniques can also incorporate the latest cutting edge tools to help eliminate security vulnerabilities before they make it to production. And finally how you can be a part of the solution instead of part of the problem.
  • DevSecOps Best Practices with Synopsys and GitHub
    DevSecOps Best Practices with Synopsys and GitHub
    Bryan Cross, Sr. Solutions Engineer, GitHub; Dave Meurer, Alliances Technical Mgr, Black Duck by Synopsys Recorded: Apr 24 2018 50 mins
    It's time to add “Sec” into DevOps! But while moving towards newer processes and technologies like agile methodologies, cloud and containers can help you build faster and deliver continuously, there's always the fear that adding security can severely slow things down. By using GitHub with Black Duck by Synopsys, you can automate your secure development workflows, shift security left, and avoid software rot.

    Whether you are an open source developer or enterprise software engineer, GitHub and Synopsys have solutions to help you put “Sec” into the center of DevOps without sacrificing speed and agility. In this live webinar, the experts from Synopsys and GitHub will demonstrate solutions for both open source and enterprise developers. Some highlights will include:

    - The real life of a vulnerability in 2017: Apache Struts
    - Black Duck CoPilot: It’s Free!
    - Black Duck your Pull Requests
  • Securing the Software Supply Chain – Binary Analysis and Open Source Security
    Securing the Software Supply Chain – Binary Analysis and Open Source Security
    Lisa Bryngelson, Sr. Product Manager, Black Duck by Synopsys Recorded: Apr 11 2018 35 mins
    Organizations of all kinds increasingly rely on third-party software from their supply chain partners and outsourcers to power the products and technology they deliver to the marketplace. Whether you’re an automotive company or a medical device manufacturer, use of third-party software libraries is now commonplace and essential to success in the competitive global marketplace.

    One of the biggest challenges companies face with third-party software is they often have no visibility into the open source libraries being used in the software they embed in their products. Over the last year, a continuous stream of news stories has attributed major security breaches to exploits of vulnerabilities in open source frameworks used by Fortune 100 companies in education, government, financial services, retail and media.

    These incidents shine a light on the need for organizations to carefully manage the open source used in the third-party libraries they consumer in order to protect themselves—and their customers—from the consequences of catastrophic security breaches.

    Our webinar will arm you with the information and statistics needed to:

    -Explain the importance of open source security to your organization
    -Understand the key differences between identifying open source in source code vs. binaries
    -Define a clear road map for unearthing, managing, and securing the open source hiding in your software supply chain
    -Take the steps to help your company avoid becoming the next security breach media story
  • Application Security: What to Know for 2018
    Application Security: What to Know for 2018
    Mike Pittenger, Security Strategist Recorded: Mar 27 2018 55 mins
    Application security is quickly becoming a "must have" for security teams. High profile breaches, including Equifax and a multitude of ransomware attacks, have the attention of senior management of company Boards. Knowing where to start can be difficult.

    Not every company has the same needs or organizational maturity to manage a full-blown application security program. This webinar will cover some of the tools and exercises deployed by application security teams to build security into their processes, including:

    - Tools and security tips for each phase of the development lifecycle
    - Which tools to use for different types of code
    - In-house and 3rd party options for starting an application security program
  • Software Development with Open Source: Securing Applications and IP
    Software Development with Open Source: Securing Applications and IP
    Tim Mackey, Sr. Technology Evangelist at Black Duck by Synopsys Recorded: Mar 21 2018 59 mins
    Open source software is embraced by developers, enterprises, and governments at every level, and with it comes many strong opinions and few facts. How much open source is really being used in the applications you buy? Does the "many eyes" theory make open source more secure? Does traditional security testing address vulnerabilities in open source?

    With organizations becoming more agile but facing increasing regulatory governance, understanding how open source software development works, and how to secure open source, is increasingly important. In this session we’ll cover:
    - Code contribution and IP management
    - Fork management
    - Release process
    - Security response processes
    - Realities of IP risk and open source
    - Pass through security risk and responsibility
    - Keeping up with scope of impact changes within a single disclosure
    - Automating awareness of security risk from development through integration and delivery to deployment
  • Silver Bullet Podcast #143 with Elena Kvochko
    Silver Bullet Podcast #143 with Elena Kvochko
    Gary McGraw Recorded: Feb 26 2018 27 mins
    Elena Kvochko is the CIO for the Group Security Function within a leading financial services organization. Previously she was an information technology manager at World Economic Forum, where she led global partnership programs on cyber resilience and the Internet of Things. She was also responsible for building relationships with information technology industry partners. Elena is the author of numerous articles and has contributed to Forbes, the New York Times, Harvard Business Review, and other media outlets. She is also a member of the Wall Street Journal CIO Network. She holds full CISSP and CEH certifications and has a master’s degree in technology policy from the University of Massachusetts, as well as executive certificates from MIT and Yale. She lives in New York City.

    Listen as Gary and Elena discuss security policy, security technology, the role of a CIO, holistic security tactics, the economics of a security breach, and more.
  • *AST in CI/CD - How to Make it Work
    *AST in CI/CD - How to Make it Work
    Ofer Maor Recorded: Feb 13 2018 55 mins
    SAST, IAST, DAST, MAST, *AST – There are plenty of technologies and ways to test your software, but how do we do that without slowing us down in a rapid development environment. In this talk we will give practical advice on how to integrate software security testing into your CI/CD and your development process so it works. The talk will review the pros and cons of each of the testing technologies, and how to adapt it to rapid development, and how to manage the balance between risk and speed to build a proper signoff process, so that real threats will become blockers, but other issues will be handled in a parallel slower cycle, without slowing down the main delivery.
  • Silver Bullet Podcast #142 with Craig Froelich
    Silver Bullet Podcast #142 with Craig Froelich
    Gary McGraw Recorded: Jan 17 2018 31 mins
    Craig Froelich is the chief information security officer (CISO) for Bank of America. He leads the Global Information Security team responsible for security strategy, policy, and programs. Before moving to Bank of America through acquisition, he was responsible for Countrywide’s cyber security technology, networks, crisis management, and security operations. Craig has over a decade of experience in product management and application development for software and hardware companies. He also serves on the board of FS-ISAC and the executive committee of BITS. On Twitter, he describes himself as “a SoCal dude learning to be a southern gentleman” as a Los Angeles transplant to Charlotte, North Carolina, where he lives with his family.

    Listen as Gary and Craig discuss the role of the CISO in the financial services ecosystem and the newly released 2018 CISO Report.
  • The 2017 Open Source Year in Review
    The 2017 Open Source Year in Review
    Mark Radcliffe, Partner, DLA Piper/Counsel OSI; Phil Odence, Sr. Director / GM at Black Duck Software by Synopsys Recorded: Jan 17 2018 60 mins
    Gain insights into these important legal developments from two of the leading open source legal experts, Mark Radcliffe, Partner at DLA Piper and General Counsel for the Open Source Initiative and Phil Odence, Sr. Director and General Manager at Black Duck Software by Synopsys. This annual review will highlight the most significant legal developments related to open source software in 2017, including:
    - Current litigation
    - An open source security update
    - Blockchain and its forks
    - Software Package Data Exchange (SPDX) and OpenChain
    - GDPR
    - And more
    Live attendees will be receiving a CLE credit for this webinar.
  • Silver Bullet Podcast #141 with Bruce Potter
    Silver Bullet Podcast #141 with Bruce Potter
    Gary McGraw Recorded: Dec 28 2017 34 mins
    Bruce Potter is CISO at Expel, where he is responsible for cyber risk and ensuring the secure operation of Expel’s services. Previously, Bruce co-founded Ponte Technologies (sold to KeyW Corporation). He then served as CTO at KeyW for 2 years. Before that, Bruce was a security consultant at Cigital. In a seemingly previous life, Bruce founded the Shmoo Group. To this day, he helps run the annual hacker conference ShmooCon. He has co-authored several books, including “802.11 Security,” “Aggressive Network Self-Defense,” and “Host Integrity Monitoring.” Bruce regularly speaks at DEF CON, Black Hat, and O’Reilly Security conferences. He lives in Maryland with his family.

    Listen as Gary and Bruce discuss ShmooCon, the state of software security books, network security trends, hacking back, the relationship between preventative security engineering and operational security, DevOps, the CISO role, and more.

Embed in website or blog