Hi [[ session.user.profile.firstName ]]

Black Duck Software

  • Date
  • Rating
  • Views
  • Black Duck Container Security MasterClass - Deploying Containers at Scale
    Black Duck Container Security MasterClass - Deploying Containers at Scale Tim Mackey, Sr. Technology Evangelist, Black Duck Recorded: Dec 14 2017 58 mins
    IT operations teams are now deploying and running hundreds or even thousands of containers at any given time. This rapid deployment surfaces challenges in validating the contents and security of container images being deployed. In this session, Black Duck container and virtualization expert Tim Mackey will provide an overview of technologies and solutions such as Red Hat OpenShift that enable organizations to deploy containers at scale securely.

    In this webinar, Tim Mackey explores this new era of large scale container deployments and how to manage and secure them.

    Attend and you'll learn:

    - How to maintain visibility and control for the open source deployed in hundreds of containers
    - How to help your development and operations teams work together to maintain the security of containers in production
    - How to build security into your deployment of container orchestration platforms
    - Measures you can take to proactively identify risks and remediate risks on containers in production
    - How you can use Black Duck OpsSight to scan containers being created, updated or deployed through their container orchestration platforms
  • Balancing Speed & Security in a DevOps World
    Balancing Speed & Security in a DevOps World Stephen Elliott, Product Manager Google Container Registry and Dave Meurer, Director Technical Alliances Recorded: Dec 12 2017 49 mins
    DevOps teams are using cloud platforms and containers to build, deploy, and manage applications faster than ever, and utilizing large amounts of open-source software to increase agility. Google Cloud platform makes building and shipping containers even easier with Google Container Builder, Google Container Engine (GKE), and Google Container Registry (GCR). But when you deploy a container or cloud-native application, it’s hard to know exactly what contents are inside, and that can make managing security painful.
    Secure DevOps means having full visibility and control of your software supply chain to implement security and governance policies. How do you protect your DevOps without slowing down? Join experts from Google and Black Duck to discuss how to secure the software supply chain including:
    - Understanding the modern attack landscape
    - How to select safe and healthy open source software in development
    - How you can automate open source control and visibility in containers with Black Duck and both Google Container Builder and GCR
    - The Grafeas and Kritis projects, and the work Google and Black Duck are doing to enhance security visibility and provide policy enforcement for containers.
  • Buyer and Seller Perspectives on Open Source in Tech Contracts
    Buyer and Seller Perspectives on Open Source in Tech Contracts Phil Odence, Black Duck Software and David Tollen, Tech Contracts Academy Recorded: Nov 30 2017 59 mins
    Join Black Duck and Tech Contracts Academy as they discuss the implications of open source software in tech contracts. The topic of open source has been at the forefront of the technology industry for many years, but as the use of open source in commercial applications explodes, so do concerns about addressing license and ownership issues in contract negotiations.

    David Tollen is the founder of Tech Contracts Academy (www.TechContracts.com) and of Sycamore Legal P.C., in San Francisco. He’s the author of The Tech Contracts Handbook: Cloud Computing Agreements, Software Licenses, and Other IT Contracts for Lawyers and Businesspeople. He will dive into these topics from the perspective of both buyers and sellers and will aim to educate participants on Intellectual Property (IP) protection and other terms and how they should work during contract negotiations.
  • Lessons from Equifax: Open Source Security & Data Privacy Compliance
    Lessons from Equifax: Open Source Security & Data Privacy Compliance Bob Canaway, CMO, Black Duck; Mike Pittenger, VP Security Strategy, Black Duck Recorded: Nov 16 2017 46 mins
    The Equifax breach provided a unique look into “how” many breaches occur. In Equifax’s case, hackers exploited an unpatched Apache Struts component, resulting in the exposure of over 140 million consumer records. The exploit of this vulnerability highlights the need for visibility to open source in custom applications and just how ineffective traditional security solutions are when it comes to open source vulnerabilities.
     
    Further, while class action lawsuits have already begun, Equifax faces other regulatory challenges as well. The US Federal Trade Commission started investigations into the company’s security policies and controls that will likely result in financial penalties. Since the exposed data included non-US citizens, foreign data protection and data privacy regulations also come into play.
     
    Join Mike Pittenger and Bob Canaway as they discuss how organizations can more effectively manage open source, the strengths and weaknesses of testing methodologies in identifying vulnerable open source components, and how data privacy standards such as PCI, Section 5 of the FTC Act, and GDPR necessitate a change in how organizations address vulnerabilities in their code.
  • The Basics of Open Source Security
    The Basics of Open Source Security Mike Pittenger, VP of Security Strategy, Black Duck Recorded: Oct 31 2017 51 mins
    Recent news stories have attributed a major security breach to an exploit of a vulnerability in an open source framework widely used by Fortune 100 companies in education, government, financial services, retail and media.

    The incident shines a light on the need for organizations to carefully manage the open source they use to protect themselves—and their customers—from the consequences of catastrophic security breaches.

    “The Basics of Open Source Security” will arm you with the information and statistics needed to:

    -Explain the importance of open source security to your organization
    -Define a clear roadmap for identifying, managing, and securing the open source you have in use
    -Take the steps to help your company avoid becoming the next security breach media story
  • Successfully Navigating Open Source Software Issues in M&A
    Successfully Navigating Open Source Software Issues in M&A Anthony Decicco, Member of GTC Law Group PC & Affiliates Recorded: Oct 26 2017 61 mins
    Cybersecurity has become one of the areas where substantive diligence should be conducted not as an afterthought but as an integral part of the M&A process for any deal, particularly those that involve targets with any kind of online presence. The continued growth in the use of open source software underscores the importance of thorough software due diligence. This webinar examines key open source software-related issues and deal points in M&A, licensing and other transactions. Understanding these key legal and technical risks, as well as strategies for mitigating them, will help you speed and smooth negotiations, avoid protracted due diligence and get better deal terms.
  • Micro Focus Fortify & Black Duck Present: End to End Security in a DevOps World
    Micro Focus Fortify & Black Duck Present: End to End Security in a DevOps World Erdem Menges, Sr. Product Marketing Manager, Micro Focus Fortify and Dave Meurer, Technical Director, Black Duck Recorded: Oct 19 2017 49 mins
    DevOps teams are building applications faster than ever before, and utilizing large amounts of open-source software to increase agility. However, that introduces the possibility of open-source security risk. The landscape of attacks has changed in recent years, with cyber-attacks increasingly happening on the application layer. This means DevOps teams need to be involved in the security process.

    This task is made more daunting as modern applications are a mix of custom code and open source in their applications. How do you protect your DevOps? Register for this webinar where security experts from Micro Focus Fortify and Black Duck discuss:
    - Understanding the mindset of an attacker
    - Ways to automate the process of risk identification
    - The ability to gate builds when finding risk elements
  • Behind the Equifax Breach: A Deep Dive Into Apache Struts CVE-2017-5638
    Behind the Equifax Breach: A Deep Dive Into Apache Struts CVE-2017-5638 Patrick Carey, VP Product Marketing; Chris Fearon, Research Director; Pat Durante, Sr. Director Education Services Recorded: Oct 5 2017 55 mins
    Equifax confirmed that their high profile, high impact data breach was due to an exploit of a vulnerability in an open source component, Apache Struts CVE-2017-5638. Apache Struts is a mainstream web framework, widely used by Fortune 100 companies in education, government, financial services, retail and media.

    This breach highlights the need for visibility and control into the open source in use at organizations of all sizes. As the Equifax incident shows, open source security breaches can have devastating impacts for your users as well as your brand reputation, legal exposure, and revenue.

    In this webinar, Black Duck open source security experts share their analysis of what happened at Equifax and provide you with guidance to help your company avoid being the next front page news story:

    - Why should organizations prioritize open source vulnerability management?
    - How could a known vulnerability like this go undetected for so long?
    - What is CVE-2017-5638 in depth and how can hackers exploit it?
    - How can you win the race against hackers and avoid risks from future vulnerabilities?
  • Blockchain & Open Source: Hype or Potential Game Changer?
    Blockchain & Open Source: Hype or Potential Game Changer? Karen Copenhaver, Partner, Choate Hall & Stewart/Counsel, Linux Foundation; Mark Radcliffe Partner, DLA Piper/Counsel OSI Recorded: Sep 28 2017 58 mins
    There’s a lot of buzz about blockchain technology, with the revolutionary possibilities of blockchain being compared to the early days of the Internet, promising to transform the ways in which people and businesses cooperate. The second generation of open source blockchain projects such as Openchain, Ethereum and the Hyperledger Project illustrate how open source platforms are evolving in different directions to support distributed transactions and contracts of all types.

    With an eye to keeping the hype factor to a minimum, this webinar will explore the promise and potential of blockchain and look at some of the many exciting open source blockchain projects being implemented today.
  • Black Duck MasterClass - Open Source Security for Containers and Applications
    Black Duck MasterClass - Open Source Security for Containers and Applications Tim Mackey, Senior Technology Evangelist, Black Duck Recorded: Sep 19 2017 56 mins
    Managing container infrastructure in a production environment is challenged by problems of scale. One of the biggest problems is trust—specifically trust of the application. To put it another way, can you trust that all containers in your Kubernetes or OpenShift cluster are performing the tasks you expect of them? We know that containerization has increased the pace of deployment, but has trust kept pace? If a container becomes compromised in some fashion, how many other containers are at risk and how far has trust been broken?

    Tim Mackey explores the nature of data center threats, why threat models fail, how malicious attackers design their attacks, when the threat risk increases prior to attack and why information flow matters, and how traditional defenses are inadequate for container workloads. Tim then shares measures you can take to proactively identify risks, including OpenShift integrated tooling to identify container images with increased risk.

Embed in website or blog