
Black Duck by Synopsys

  • Don't Acquire Open Source Risks You're Not Aware Of
    Daniel Kennedy, Research Director - Information Security, 451 Research; Phil Odence, GM – Black Duck On-Demand. Recorded: Sep 19 2018, 49 mins
    Modern applications are constructed using open source components. Most organizations understand they’re using open source. What they likely underestimate is its prevalence in their homegrown applications and the potential security and license compliance risks they assume if they’re not continuously monitoring those libraries. When companies merge or are acquired, that unknown risk is transferred, potentially to organizations with greater regulatory exposure. Join Daniel Kennedy, Research Director, Information Security, and Phil Odence, GM, Black Duck On-Demand, for a discussion of these risks and how to address them.
  • Using Security Champions to Build a DevSecOps Culture Within Your Organization
    Brendan Sheairs, Managing Consultant, Synopsys Software Integrity Group (SIG). Recorded: Sep 13 2018, 42 mins
    The security industry has made great strides developing tools and technology to integrate software security into the application development life cycle. However, it’s important not to ignore the people and process aspects of DevSecOps. Building security into application teams’ culture is necessary for DevSecOps to be successful.

    Outside the software security group, Security Champions are the leaders of this cultural change. Embedding knowledgeable champions within development teams to assist with security activities and vulnerability remediation will help your organization see this cultural shift. As a result, you’ll build new features not only faster but also more securely. In this webinar, you’ll learn the foundations of a successful Security Champions program and the challenges you’ll face implementing such a program.
  • Open Source Supply Chains and Consumption Risk - Governance, Containers & Trust
    Tim Mackey, Technology Evangelist. Recorded: Sep 4 2018, 58 mins
    Organisations increasingly rely on open source software from their supply chain partners and outsourcers to power the products and technology they deliver to the marketplace.
    Whether you’re an automotive company or a medical device manufacturer, use of open source software accelerates development schedules and reduces costs, but how do you minimise security risks?

    One way some DevOps organisations are facing this challenge is by deploying their applications in containers.

    In this webinar, Tim Mackey explores this new era of large scale container deployments and how to manage and secure them.

    Our webinar will arm you with the information to:
    - Explain the importance of open source security to your organisation
    - Understand why container environments present new application security challenges
    - Apply best practices and methodologies for deploying secure containers with trust
  • Security Champions: Only YOU Can Prevent File Forgery
    Marisa Fagan, Product Security Lead, Synopsys. Recorded: Aug 22 2018, 57 mins
    If you’re a developer, there will come a time when you realize that you have the power not only to ship awesome features but also to protect them so that no one else can tamper with all your hard work. Every developer is responsible for coding securely, but a brave few among us will take this duty one step further by wearing the mantle of a Security Champion.

    This webinar is your guide to becoming the Security Champion you always wanted to be, in just five easy steps. We’ll also talk about what benefits you’ll get out of it, besides saving the world, and what to do if your company doesn’t have a Security Champions program or even a product security program.
  • Enhance Application Security with Automated, Open-Source Security Management
    Dave Meurer, Alliances Technical Manager at Black Duck by Synopsys; Kamala Dasika, Pivotal. Recorded: Aug 15 2018, 60 mins
    Almost every major company uses or builds software containing open-source components today—96% of them, according to a report from Black Duck by Synopsys. The same report revealed that 78% of the apps that were audited had at least one vulnerability, including several that were reported nearly six years ago! Needless to say, not having solid open-source use policies and procedures in place for your developers poses a significant risk to any enterprise.

    Black Duck and Pivotal collaborated to deliver a secure and simple user experience for rapidly building and deploying applications so that developers can benefit from the many advantages of using open source in their apps with confidence.
    Join Dave Meurer from Black Duck and Kamala Dasika from Pivotal as they discuss:

    - Key security concepts you need to know pertaining to cloud-native application development
    - How to simplify and automate open-source security management for your applications and reduce license, operational risk, or policy violations

    Dave Meurer, Alliances Technical Manager at Black Duck by Synopsys, leads solution development, enablement, and evangelism for Synopsys Software Integrity Group.

    Kamala leads GTM with Pivotal Cloud Foundry Technology partners. She has been working at Pivotal since 2013 and has previously held various product or engineering positions at VMware, Tibco, SAP, and Applied Biosystems.

    Pivotal Privacy Statement:
    https://pivotal.io/privacy-policy

    BlackDuck Privacy Statement:
    https://www.blackducksoftware.com/legal/privacy

    This webinar:
    https://content.pivotal.io/webinars/aug-15-enhance-application-security-with-automated-open-source-security-management-webinar
  • DevSecOps: Security at the Speed of DevOps with Comcast
    Larry Maccherone, Sr. Director DevSecOps Transformation, Comcast. Recorded: Aug 3 2018, 50 mins
    Security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve.

    What’s needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach that reinforces the DevOps culture and process changes. This requires that security specialists become self-service toolsmiths and advisors and stop thinking of themselves as gatekeepers.

    This webinar includes guidance on the characteristics of security tools compatible with DevOps, but it focuses primarily on the harder part: the people. This talk introduces the DevSecOps manifesto and provides you with a process model, based on agile transformation techniques, to accomplish the necessary mindset shift and achieve an effective DevSecOps culture transformation. It has been successfully used in a large DevSecOps transformation at Comcast and has gained recognition in DevSecOps circles as a leading framework.
  • Reviewing Spectre 6 Months Later
    Taylor Armerding, Senior Security Strategist for Synopsys. Recorded: Jul 25 2018, 30 mins
    It’s been more than six months since the major design flaw in computer chips labeled Spectre became public. And, as predicted, it is still haunting the world of information technology. The CPU (central processing unit) is, after all, the “brain” of any computer, phone, tablet, modern TV, or other “smart” device.
    Since then, we’ve all learned a bit about terms some of us had never heard before—“speculative execution,” anyone? We’ve also been told that you can’t just patch a chip the way you can patch bugs in software. But you can create work-arounds with software patches.
    In this webinar, Taylor Armerding, senior security strategist for Synopsys Software Integrity Group, will address some of the questions that “regular”—i.e., nontechnical—users may have about Spectre:
    - What is it?
    - How does it work?
    - Why does it work?
    - Why didn’t chip makers catch a flaw of this magnitude during the design phase?
    - Why is a tool called static analysis the best way to work around Spectre without causing intolerable performance slowdowns?
  • Best Practices for Managing Open Source in an Organization and Throughout M&A
    Mark Radcliffe, Partner, DLA Piper / General Counsel, OSI; Anthony Decicco, Shareholder, GTC Law Group & Affiliates. Recorded: Jul 18 2018, 58 mins
    The use of open source has surpassed the occasional and solidified itself as the standard. In fact, the Black Duck by Synopsys 2018 Open Source Security and Risk Analysis found that 96% of the applications we scanned last year contained open source components.

    It’s increasingly difficult to properly manage open source in an organization to ensure compliance with the over 2,000 different licenses in use today and defend against new vulnerabilities, which surface frequently.

    Join this webinar with top open source legal experts Mark Radcliffe (partner at DLA Piper and general counsel for the Open Source Initiative) and Tony Decicco (shareholder, GTC Law Group & Affiliates) as they discuss best practices for managing open source in an organization and throughout an M&A transaction:

    - How do you conduct an open source / third-party software audit?
    - How do you get the most out of your Black Duck code scan?
      (i.e., handling license compliance issues and managing security vulnerabilities)
    - What are key aspects of an effective open source / third-party software policy for both inbound use and outbound contributions?
    - What are key success factors for effectively releasing code as open source?
  • *AST in CI/CD - How to Make it Work
    Ofer Maor, Director, Solutions Management at Synopsys. Recorded: Jul 17 2018, 58 mins
    SAST, IAST, DAST, MAST, *AST – there are plenty of technologies and ways to test your software, but how do we do that without slowing down a rapid development environment? In this session we will give practical advice on how to integrate software security testing into your CI/CD and your development process so that it works. The session will review the pros and cons of each of the testing technologies, how to adapt them to rapid development, and how to make testing work as organizations move to A/B testing. Finally, this session will give guidance on how to manage the balance between risk and speed to build the right process, so that real threats become blockers while other issues are handled in a parallel, slower cycle, without slowing down the main delivery.
  • Getting Your Bearings in a DevSecOps World
    Apoorva Phadke, Associate Principal Consultant, Synopsys. Recorded: Jul 12 2018, 48 mins
    Development and operations teams have already come a long way by aligning around the shared goal of delivering stable, high-quality software—quickly. By automating manual processes and building tools into the continuous integration and continuous delivery (CI/CD) pipeline, they’ve increased trust between groups, which is essential as these once-disparate teams tackle critical issues together. In this webinar, you’ll learn how to build a DevSecOps culture in your organization with automated and integrated application security tools and the right training for each team.