
Synopsys Software Integrity Group (SIG)

  • Growth of Web Services & APIs and the Risks in M&A
    Tony Decicco, GTC Law Group & Phil Odence, Synopsys Recorded: May 22 2019 61 mins
    Just as most software assets contain open source, modern software applications commonly link to external web services via APIs. By using web services, developers may be inadvertently signing their companies up to terms of service or using a web service without a suitable agreement. Using these services can also expose a company to security, data privacy, and operational risks that could disrupt or severely affect the business. As part of the tech M&A due diligence process, you should be aware of these web services-related risks so that you can make informed decisions about deal valuation and remediation.

    Join Tony Decicco, shareholder at GTC Law Group and Affiliates, and Phil Odence, GM of Black Duck Audits, as they discuss the types of risk associated with web services and how they can affect an M&A transaction. They’ll cover:

    • Typical terms of service and common pitfalls
    • The legal compliance, data privacy, security, and business risks that come with web services
    • Real-world examples of these risks
    • How a buyer can get a better understanding of these risks in a target’s codebase or a seller can prepare for diligence to avoid risks in this area

    Don’t miss this informative webinar. Register today.
  • AppSec Hype or Reality? Demystifying IAST
    Asma Zubair, Product Mgmt Mgr, Sr Staff, Synopsys and Kimm Yeo, Product Marketing Mgr, Staff, Synopsys Recorded: May 22 2019 61 mins
    Are you struggling with application security testing? Do you wish it was easier, faster, and better? Join us to learn more about IAST, a next-generation AppSec tool that provides highly accurate, real-time vulnerability results without the need for application or source code scans. Learn how this nondisruptive tool can:
    - Run in the background and report vulnerabilities during functional testing, CI/CD, and QA activities.
    - Prioritize and triage vulnerability findings in real time with 100% confidence.
    - Fully automate secure code delivery and deployment, without the need for extra security scans or processes.
    - Free up development and security resources to focus on strategic or mission-critical tasks and contributions.
  • Mitigating Software Risks for DoD and Government Agencies
    Joe Jarzombek, Director for Government, Aerospace & Defense Programs, Synopsys Recorded: May 21 2019 49 mins
    As the cyber threat landscape evolves and external dependencies grow more complex, managing risks to enterprise and connected embedded systems requires more than reactive measures. Many organizations proactively reduce attack surfaces in their cyber supply chain and in assets targeted for exploitation. IT asset management should leverage automated means to detect weaknesses and vulnerabilities in software. Addressing cyber supply chain dependencies enables the hardening of attack surfaces by comprehensively identifying exploit targets, understanding how assets are attacked, and providing responsive mitigation. Automation tools and services, together with testing and certification programs, now provide means to reduce risk attributable to exploitable software. This presentation addresses ways of using that information to prioritize mitigation efforts focused on reducing exploitable attack vectors, enabling organizations to proactively harden their attack surface and become more resilient in the face of growing threats and asymmetric attacks.

    Lt. Col. Joe Jarzombek (USAF, ret.) is Director, Government, Aerospace & Defense Programs at Synopsys. He previously served as Deputy Director, Information Assurance in the Office of the CIO Dept. of Defense. He later served as Director, Software and Supply Chain Assurance in the Dept. of Homeland Security. Today, Joe guides Synopsys’ global leadership to address needs of public sector, aerospace and defense communities. He participates in consortia, public-private collaboration and standards groups, and R&D projects to accelerate technology adoption. Joe has 30+ years in software security, safety and quality in embedded and networked systems and enterprise IT. Joe is a Certified Secure Software Lifecycle Professional (CSSLP) and project management professional with an MS in Computer Information Systems, a BA in Computer Science and a BBA in Data Processing and Analysis.
  • Deploy Containers Confidently With Synopsys and Google Cloud
    Sandra Guo, Google & Tomas Gonzalez, Synopsys Recorded: May 16 2019 54 mins
    Containers and Kubernetes have changed the way organizations develop and deploy applications. But with increased agility comes increased risk. The last thing any company wants is to deploy software from unknown sources or with known vulnerabilities. Binary Authorization together with GKE allows you to “sign” software as it moves through the software supply chain. This way, you can ensure that no software goes to production until you approve it. In this webinar, we’ll discuss the role Black Duck plays in this signing process. We’ll also demonstrate how Black Duck, as part of a Cloud Build workflow, can attest to the security and license compliance of a software offering, so you can deploy with confidence.
  • Differentiating open source from commercial SAST capabilities
    Stephen Giguere, Solution Architect, Synopsys Recorded: May 15 2019 53 mins
    We need to learn from industries where we see parallels forming, and see how they have understood and leveraged their testing capabilities and placed them correctly within their pipeline. Drawing on a lifetime of experience, Stephen Giguere, Solution Architect at Synopsys, explores and differentiates open source and commercial SAST, combined with cross-industry lessons applicable to software development. See how Synopsys tools and services can help you build secure, reliable, high-quality software.
  • 2019 Open Source Security Report: Persistent Challenges and Forward Progress
    Tim Mackey, Senior Technical Evangelist, Synopsys Recorded: May 9 2019 49 mins
    Open source components form the foundation of modern applications, but ineffective open source risk management can lead to security breaches that negatively affect your business and damage your brand. The Open Source Security and Risk Analysis (OSSRA) report examines trends in open source usage and risk management practices based on the audits of more than 1,200 codebases.
    Listen in as we explore how the open source landscape has changed—and improved, in some cases—but more importantly, how development, security, and legal teams can improve their open source risk posture.
    - 96% of codebases scanned in 2018 contain open source
    - The average code base contains 298 open source components, up from 257 in 2017
    - 60% of codebases contained at least one open source vulnerability—still significant, but much better than 78% in 2017
  • Open Source Risk in M&A by the Numbers
    Phil Odence, General Manager, Black Duck On-Demand Recorded: May 2 2019 51 mins
    In over 1,000 codebases audited in 2018, Black Duck Audits found that nearly every one contained open source components. Not only that, but a significant percentage of “proprietary code” overall was open source. Virtually every company building software now depends on open source, and with good reason. However, left unmanaged, open source can lead to license compliance issues as well as security and code quality risks. Whether you’re on the buy side or the sell side, these risks could negatively affect valuation in an M&A transaction.

    Many acquirers have come to understand all this in concept; the Black Duck audit services group has the data. Join us for this webinar as we answer questions about the code of tech companies being acquired today. We’ll cover:

    • Open source license and security risks by the numbers
    • Why audits have become the norm in M&A tech due diligence
    • How you can get a complete picture of open source risks

    Don’t miss this informational webinar – register today.
  • Reviewing Modern JavaScript Applications
    Lewis Ardern, Senior Security Consultant, Synopsys Recorded: Apr 30 2019 61 mins
    When dealing with modern JavaScript applications, many penetration testers approach them from an ‘outside-in’ perspective, and this approach often misses security issues in plain sight. This talk will attempt to demystify common JavaScript issues that should be better understood and identified during security reviews. We will discuss reviewing applications in a code-centric manner, using freely available tools to help start identifying security issues through processes such as linting and dependency auditing.
  • How to Automate Container Security Into your CI/CD Pipeline
    Glen Kosaka, VP of Product Management, NeuVector and Tim Mackey, Senior Technical Evangelist, Synopsys Recorded: Apr 18 2019 60 mins
    The promise of containers and cloud-based microservices is fast time to market for applications. But there are security requirements that, if not handled properly, can slow down the pipeline and lengthen time to market. Automation is critical to a CI/CD pipeline, and it is also critical to secure deployment of containers. Join Synopsys and NeuVector to explore the key automation integration points in the pipeline and learn how to build security into your process, culture, and toolchain, from build to ship to run.

    Who should attend?
    • Security architects
    • Application architects
    • DevSecOps and DevOps practitioners
    • Network and application security engineers
  • Understanding Open Source – Strengths and Challenges for Enterprise users
    Balaji Bhardwaj, Senior Security Engineer, Synopsys Software Integrity Group Recorded: Apr 11 2019 53 mins
    Open source usage has increased steadily over the years, and so has the volume of open source content, whose releases have grown exponentially. The strength of open source is reflected in its growing adoption in enterprise applications.

    In our 11th April 2019 webinar, Balaji Bhardwaj, Senior Security Engineer, Synopsys Software Integrity Group, will provide insights into the following:
    • Usage trends of Open Source
    • How large enterprise users understand the risks associated with using Open Source
    • Methodologies derived to mitigate Open Source risks and issues
    • Is Open Source an enabler or a liability?
