Hi [[ session.user.profile.firstName ]]

Black Duck by Synopsys

  • Date
  • Rating
  • Views
  • 2018 Open Source Audit Findings: How Do You Stack Up?
    2018 Open Source Audit Findings: How Do You Stack Up? Evan Klein, Head of Product Marketing for Software Composition Analysis, Synopsys Recorded: May 24 2018 28 mins
    Open source components are the foundation of modern applications, but ineffective management around open source can lead to serious risks and unwanted media attention when security flaws lead to data breaches. The Black Duck by Synopsys 2018 Open Source Security and Risk Analysis (OSSRA) examines the previous year’s open source and security news and analyzes trends based on the audits of more than 1,100 codebases.
    Not surprisingly, 96% of the audited codebases contained open source components, and nearly 78% of the codebases contained at least one vulnerability. As the percentage of open source in codebases continues to grow, it’s clear that open source management practices need to improve.
    In this webinar, open source expert Evan Klein will walk through the report’s findings in depth and discuss strategies companies can use to minimize open source security risk while maximizing the benefits open source provides.
  • Which application security testing approach is the best?
    Which application security testing approach is the best? Patrick Carey, Director of Product Marketing, Synopsys Recorded: May 22 2018 35 mins
    Can one tool do it all?

    Applications are the #1 attack target of hackers, so application security should be an integral part of your software development tools and processes. At the same time, it's more difficult than ever before to pick an AppSec solution. It's easy to find yourself lost in sea of confusing 3 and four-letter acronyms. SAST, DAST, SCA, IAST, PEN, RASP - How do you know which one or ones to choose? In this webinar, we'll try to help simplify things to help you understand the strengths, weaknesses, and applicability of each of these approaches so you can build out your AppSec toolbox with confidence.
  • Digging into DevSecOps: Realities and Opportunities
    Digging into DevSecOps: Realities and Opportunities Jay Lyman, Principal Analyst, Cloud Management and Containers, 451 Research; Meera Rao, Senior Principal Consultant, Synopsys Recorded: May 15 2018 62 mins
    To learn more about the realities of DevSecOps today and the real degree to which security is or is not being included in enterprise continuous integration/continuous delivery workflows, we surveyed 350 decision-makers at large enterprises across a variety of industries.

    What we found is that only about half of enterprise CI/CD workflows include any security elements at all, highlighting ample room for improvement. Enterprises did seem to show an awareness of the importance of adding security elements into DevOps releases, but they are not necessarily injecting security early in the process -- ideally at code commit and in pre-implementation. This webinar will cover these and other results of our survey, and offer guidance on how enterprise organizations can effectively integrate security tools, thinking and people into their CI/CD workflows to reduce rework and risk without sacrificing velocity.
  • Introduction to Open Source Software and Licensing
    Introduction to Open Source Software and Licensing Mark Radcliffe, Partner, DLA Piper/Counsel OSI; Tony Decicco, Shareholder, GTC Law Group Recorded: May 9 2018 62 mins
    Open source software is an important part of mainstream software development organizations. Active open source use in development can drive down costs, speed time to market and increase software functionality, all without adding to the bottom line.

    And yet, even as it has become mainstream, open source is often misunderstood by legal professionals. With over two thousand different licenses in use today, it can be difficult to properly manage open source and ensure compliance.

    In this webinar, top open source legal experts Mark Radcliffe (Partner at DLA Piper and General Counsel for the Open Source Initiative) and Tony Decicco (Shareholder, GTC Law Group) will cover:

    - Brief history and definition of open source
    - The most popular open source licenses and their obligations
    - Permissive licenses vs. Restrictive licenses
  • Securing Your Applications Against Spectre
    Securing Your Applications Against Spectre James Croall, Director of SAST Product Management at Synopsys Recorded: May 3 2018 31 mins
    The recently discovered Spectre security vulnerability has taken the tech industry and security world by storm. By exploiting security vulnerabilities inherent in the design of many modern microprocessors, Spectre attacks can cause damaging leakage of personal information and data.

    There are several proposed workarounds to protect applications affected by Spectre. However, they can adversely affect performance and be time consuming for developers.

    A novel solution to mitigate Spectre is to use a static analysis tool that quickly identifies vulnerable code patterns that are likely to be exploited and reduces potential app performance degradation. In this webinar, James Croall, director of SAST product management at Synopsys, will detail how this works and cover the following:

    -What is Spectre and how is the attack carried out?
    -What are the various ways to mitigate the effects of this attack?
    -What can software development organizations do to help secure their apps against Spectre?
    -What are some best practices and examples of how to use Synopsys Static Analysis (Coverity) to better secure your apps against Spectre attacks?
  • Winning the Cage-Match: Successfully Navigate Open Source Software Issues in M&A
    Winning the Cage-Match: Successfully Navigate Open Source Software Issues in M&A Tony Decicco, Shareholder, GTC Law Group; Leon Schwartz, Associate, GTC Law Group Recorded: Apr 26 2018 62 mins
    Join Tony Decicco and Leon Schwartz of GTC Law Group for a blow-by-blow discussion of key open source software-related issues and deal points from the perspective of buyer/investor vs. seller/investee. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to speed and smooth negotiations, avoid protracted due diligence and get better deal terms, increasing overall value. Tony and Leon will dive into what both sides of an M&A transaction are looking for, and how to stay ahead of the game when it comes to open source software.
  • DevSecOps Best Practices with Synopsys and GitHub
    DevSecOps Best Practices with Synopsys and GitHub Bryan Cross, Sr. Solutions Engineer, GitHub; Dave Meurer, Alliances Technical Mgr, Black Duck by Synopsys Recorded: Apr 24 2018 50 mins
    It's time to add “Sec” into DevOps! But while moving towards newer processes and technologies like agile methodologies, cloud and containers can help you build faster and deliver continuously, there's always the fear that adding security can severely slow things down. By using GitHub with Black Duck by Synopsys, you can automate your secure development workflows, shift security left, and avoid software rot.

    Whether you are an open source developer or enterprise software engineer, GitHub and Synopsys have solutions to help you put “Sec” into the center of DevOps without sacrificing speed and agility. In this live webinar, the experts from Synopsys and GitHub will demonstrate solutions for both open source and enterprise developers. Some highlights will include:

    - The real life of a vulnerability in 2017: Apache Struts
    - Black Duck CoPilot: It’s Free!
    - Black Duck your Pull Requests
  • Securing the Software Supply Chain – Binary Analysis and Open Source Security
    Securing the Software Supply Chain – Binary Analysis and Open Source Security Lisa Bryngelson, Sr. Product Manager, Black Duck by Synopsys Recorded: Apr 11 2018 35 mins
    Organizations of all kinds increasingly rely on third-party software from their supply chain partners and outsourcers to power the products and technology they deliver to the marketplace. Whether you’re an automotive company or a medical device manufacturer, use of third-party software libraries is now commonplace and essential to success in the competitive global marketplace.

    One of the biggest challenges companies face with third-party software is they often have no visibility into the open source libraries being used in the software they embed in their products. Over the last year, a continuous stream of news stories has attributed major security breaches to exploits of vulnerabilities in open source frameworks used by Fortune 100 companies in education, government, financial services, retail and media.

    These incidents shine a light on the need for organizations to carefully manage the open source used in the third-party libraries they consumer in order to protect themselves—and their customers—from the consequences of catastrophic security breaches.

    Our webinar will arm you with the information and statistics needed to:

    -Explain the importance of open source security to your organization
    -Understand the key differences between identifying open source in source code vs. binaries
    -Define a clear road map for unearthing, managing, and securing the open source hiding in your software supply chain
    -Take the steps to help your company avoid becoming the next security breach media story
  • Hub 4.5: Customer Driven Features around License and Compliance
    Hub 4.5: Customer Driven Features around License and Compliance Jeff Michael, Senior Product Manager and Hal Hearst, Principle Product Manager for Black Duck by Synopsys Recorded: Apr 5 2018 60 mins
    The latest Hub release – Hub 4.5 – has some exciting new, customer-driven features. Join our senior product management team as they walk you through some of the latest features and answer your questions, including:
    -Snippets scanning: Customers with the Compliance module or Professional Edition now have the ability to find OSS code fragments in their proprietary code.
    -License compliance review and approval improvements: Customers with the Compliance Module or Professional Edition will be able to globally review and approve licenses and specify policy rules to manage their use.
    -Enterprise user roles: Enhanced and extended Hub user roles allow customers more control and flexibility in distributing access and privileges in the Hub.
    -Improvements to the performance of the scan client: Stability and scalability improvements to Hub scan services as well as the scan client allows customers to consistently scan larger code bases.
  • Securing the Modern Automobile from Software Security Threats
    Securing the Modern Automobile from Software Security Threats Art Dahnert, Managing Consultant, Synopsys Recorded: Mar 29 2018 43 mins
    Today’s automobiles are advanced, complex machines relying on dozens of computers and millions of lines of software code. They are also increasingly targets for sophisticated hackers. In fact, the software running on your car could contain multiple flaws that allow an attacker to take over control of the vehicle – either in your driveway or on the freeway. What steps are manufacturers taking to secure all of that code?

    Register for our webinar to learn about these topics and more:
    - The kinds of security flaws that are possible and how were they're exploited
    - How vulnerabilities can be mitigated
    - Ways to build security in from the beginning of the software/system development process
    - Unique approaches manufacturers are taking to deal with some of these issues and what that means to you

Embed in website or blog