Hi [[ session.user.profile.firstName ]]

Black Duck Software

  • Date
  • Rating
  • Views
  • The State of Open Source Security The State of Open Source Security Bob Canaway, CMO, Black Duck Recorded: Nov 30 2016 56 mins
    Open Source software is the foundation for application development today and its use is growing rapidly worldwide because of the development cost reductions and innovation it enables. Black Duck discovers open source in every application it analyzes and finds finds that 35% of the average commercial software application is open source. Home-grown applications typically contain 50% or more open source.

    The dramatic growth in open source use has been accompanied by an array of security and management challenges related to a lack of visibility into and control of the open source in use. Leading organizations are aggressively pursuing ways to continue to increase their use of open source and do so without compromising effective security or management.

    This webinar will present findings from Black Duck's Center for Open Source Research examining open source use, risks, and benefits. Black Duck CMO Bob Canaway will discuss the latest open source threats, usage patterns, governance, and the changing security and management needs as open source expands across the cloud, the Internet of Things, and the digital landscape.
  • Top 5 Open Source Issues - Stories from the M&A Trenches Top 5 Open Source Issues - Stories from the M&A Trenches Jim Markwith, Managing Partner at Symons Markwith LLP Recorded: Nov 16 2016 59 mins
    Open source risk is a significant issue for both buyers and sellers in M&A transactions. Although open source comprises 30-50% of the code in an average application, results from Black Duck open source audits are eye-opening: sellers rarely know what open source they’re using and there are often serious risks associated with open source components in code assets.

    In this webinar, Jim Markwith, a technology attorney who handles complex IP licensing transactions, and has been involved in scores of M&A deals, will discuss the top five open source issues that impact transactions. He will provide in-depth descriptions of the challenges encountered and their impact on the transaction, punctuating the presentation with insightful stories from the M&A trenches.
  • Myths and Misperceptions of Open Source Security Myths and Misperceptions of Open Source Security Mike Pittenger, VP of Security Strategy, Black Duck Recorded: Nov 10 2016 41 mins
    Businesses and governments worldwide increasingly rely on open source software to reduce development costs, get to market faster, and innovate. Despite its ubiquity, there are many management and security challenges that have accompanied the explosive growth in open source usage. Most organizations don’t know how much open source is in their applications or where it is in their code base. There is considerable confusion and misinformation about the what strategies and tools are needed to identify known open source vulnerabilities in the application code and assure the secure use of open source.

    Please join Black Duck's VP of Security Strategy Mike Pittenger as he unpacks the common myths and misperceptions surrounding open source use and learn best practices to secure and manage your open source, reduce risk from security vulnerabilities and increase efficiency within your SDLC.
  • Black Duck Container Security MasterClass - Security Response Process Black Duck Container Security MasterClass - Security Response Process Tim Mackey, Sr. Technology Evangelist; John Beaudoin, Sr. Instructional Design Recorded: Oct 27 2016 88 mins
    Container usage in production environments is becoming commonplace, increasing the need to design for security and develop security response processes. Doing so starts with a clear understanding of what software is running in the datacenter.

    This Container Security Master Class looks at how datacenter operations trends are combining to promote secure container deployments. Although these trends have the potential to abate risk, without a clear understanding of the applications and their dependencies, if a successful attack does occur, the scope of compromise can inadvertently increase.
  • 2016 Open Source Risk Report – Key Findings for M&A Professionals 2016 Open Source Risk Report – Key Findings for M&A Professionals Phil Odence, Vice President & General Manager On-Demand Audits; Mike Pittenger, VP Security Strategy Recorded: Oct 26 2016 59 mins
    Open source has been adopted by organizations across all industries, including software, systems, and cloud services. How much open source is used, along with the license, security, and operational risks posed by unmanaged use of open source, is a question M&A professionals need to consider in every transaction.
    This webinar will provide insight from real world data abstracted from Black Duck M&A audits. The data covers hundreds of systems and commercial applications, the code assets of recent acquisition targets, and will illuminate why acquirers should understand exactly what is in the code base before closing the deal. Data will include:
    - The composition of open source v. proprietary code in the average code base
    - The gap between the number of open source components used vs. what was known by the target
    - The prevalence of components using licenses that could put IP at risk
    - Number and age of security vulnerabilities in the open source components
    - An understanding of which components have underactive support communities
  • Automating Security and License Compliance in Agile DevOps Environments Automating Security and License Compliance in Agile DevOps Environments Utsav Sanghani Product Manager Integrations, Partnerships & On-Demand, Black Duck Recorded: Oct 25 2016 41 mins
    Yes, it’s possible to automate open source security and license compliance processes and maintain DevOps agility. In this webinar, Product Manager Utsav Sanghani will demonstrate how Black Duck Hub plugs into Jenkins to address open source license compliance and security risks as part of an overall release process. He will cover:
    - Automating and managing open source security as part of the SDLC
    - Defining and implementing custom policies that prevent potential open source risks
    - Issue management and remediation workflow, with ideas on how going left translates into greater savings
  • Litigation and Compliance in the Open Source Ecosystem Litigation and Compliance in the Open Source Ecosystem Mark Radcliffe, Partner, DLA Piper; Bernd Siebers, Counsel, DLA Piper Recorded: Oct 12 2016 51 mins
    This webinar will examine the implications of recent open source compliance and litigation. It will touch on a series of Linux-related cases as well as stepped up compliance activity in Germany and current patent suits against Apache projects. The new litigation will be discussed in the context of prior similar cases such as the Versata-Ameriprise case. Additionally, the webinar will overview compliance best practices and how to reduce the risk of open source compliance and litigation.
  • Contain your risk: Deploy secure containers with trust and confidence Contain your risk: Deploy secure containers with trust and confidence Brent Baude, Principle Software Engineer, Atomic and Docker Development, Red Hat; Randy Kilmon, VP, Engineering, Black Duck Recorded: Sep 22 2016 51 mins
    Organizations are increasingly turning to container environments to meet the demand for faster, more agile software development. But a 2015 study conducted by Forrester Consulting on behalf of Red Hat revealed that 53% of IT operations and development decision makers at global enterprises reported container security concerns as a barrier to adoption.

    The challenges of managing security risk increase in scope and complexity when hundreds or even thousands of different open source software components and licenses are part of your application code base. Since 2014, more than 6,000 new open source security vulnerabilities have been reported, making it essential to have good visibility into and control over the open source in use in order to understand if any known vulnerabilities are present.

    In this webinar, experts from Red Hat and Black Duck will share the latest insights and recommendations for securing the open source in your containers, including protecting them from vulnerabilities like Heartbleed, Shellshock and Venom. You’ll learn:
    • Why container environments present new application security challenges, including those posed by ever-increasing open source use.
    • How to scan applications running in containers to identify open source in use and map known open source security vulnerabilities.
    • Best practices and methodologies for deploying secure containers with trust and confidence.
  • Managing Open Source in Application Security and Software Development Lifecycle Managing Open Source in Application Security and Software Development Lifecycle John Steven, CTO, Cigital; Mike Pittenger, VP Security Strategy, Black Duck Recorded: Sep 15 2016 55 mins
    Today, open source comprises a critical component of software code in the average application, yet most organizations lack the visibility into and control of the open source they’re using. A 2016 analysis of 200 commercial applications showed that 67% contained known open source vulnerabilities. Whether it’s a SaaS solution you deliver to millions of customers, or an internal application developed for employees, addressing the open source visibility and control challenges is vital to ensuring proper software security.
     
    Open source use is ubiquitous worldwide. It powers your mobile phone and your company’s most important cloud application. Securing mission critical applications must evolve to address open source as part of software security, complementing and extending the testing of in-house written code.
     
    In this webinar by Cigital and Black Duck security experts, you’ll learn:
     
    - The current state of application security management within the Software Development Lifecycle (SDLC)
    - New security considerations organizations face in testing applications that combine open source and in-house written software.
    - Steps you can take to automate and manage open source security as part of application development
  • 5 Ways to Secure Your Containers for Docker and Beyond 5 Ways to Secure Your Containers for Docker and Beyond Tim Mackey, Senior Technology Evangelist, Black Duck Software Recorded: Aug 17 2016 44 mins
    To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk.

    Tim Mackey, Senior Technical Evangelist at Black Duck Software, provides guidance for developing container security policies and procedures around threats such as:

    1. Network security
    2. Access control
    3. Tamper management and trust
    4. Denial of service and SLAs
    5. Vulnerabilities

    Register today to learn about the biggest security challenges you face when deploying containers, and how you can effectively deal with those threats.