Hi [[ session.user.profile.firstName ]]

Synopsys Software Integrity Group (SIG)

  • Date
  • Rating
  • Views
  • Master Class: Life Cycle of an Open Source Vulnerability
    Master Class: Life Cycle of an Open Source Vulnerability
    Tim Mackey, Sr. Technology Evangelist, Synopsys SIG Recorded: Mar 13 2019 52 mins
    The world of software development has firmly adopted open source development paradigms. Regardless of the type of application you’re developing, it’s safe to say that open source is a key part of your solution—whether you wanted it to be or not. Similarly, developers deal with security issues in their code throughout the development cycle, but most don’t think about how open source components affect the security of their end product. In this master class, we’ll look at how open source development works, how open source components are embedded in solutions, and how an open source vulnerability is both disclosed and patched. After all, while open source software is just as secure as its commercial cousins, the security disclosure processes for the two types of software is far from the same!
  • Security at the Speed of Development
    Security at the Speed of Development
    Andrei Bezdedeanu, VP of Engineering, CYBRIC & Dave Meurer, Alliances Technical Manager, Synopsys Recorded: Feb 28 2019 59 mins
    Moving to cloud-native development is no less transformative than were moves from client/server to web, or from browsers to mobile devices. The software life cycle has changed, and along with it, the cadence of development and the tools on which that life cycle depends. The best security tools have required a lot of hand-holding to accomplish their thorough analyses.

    In this webinar, we’ll discuss recent advancements in best-of-breed security tools (such as composition analysis and vulnerability discovery) that allow organizations to scale their use to a portfolio of software without an army of staff. We’ll discuss how test orchestration and vulnerability management platforms allow CISOs to package these tools as “software security in a box” and deploy them seamlessly to brownfield development teams maintaining large business-critical software, as well as those tiger teams conducting digital transformation in a hybrid or multicloud world.

    Key topic areas:
    * Coverity 2018.12
    * Seeker
    * Black Duck, now with binary support
    * CYBRIC Security Platform
  • Shifting Gears: Focus on Cybersecurity
    Shifting Gears: Focus on Cybersecurity
    Larry Ponemon, Founder, Ponemon Institute; Tim Weisenberger, PM, SAE; Chris Clark, Principal Security Engineer, Synopsys Recorded: Feb 27 2019 60 mins
    Today’s vehicle is a connected, mobile computer, a situation that has introduced an issue the automotive industry has limited experience dealing with: cybersecurity risk. Automotive manufacturers have become as much software companies as they are transportation companies, facing all the challenges inherent to software security.

    In this webinar, Synopsys and SAE International experts will discuss key findings from the report Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices, including these:
    - The automotive industry has insufficient cybersecurity resources and skills.
    - Some of those most knowledgeable about automotive cybersecurity feel powerless to voice their concerns.
    - Automotive cybersecurity testing may be occurring too late in the product development life cycle.

    We will also discuss how SAE International and Synopsys can help lead the industry in planning cybersecurity strategy and generating solutions using the data points collected in the survey.

    Topics covered include:
    - Survey methodology
    - Industry standards
    - Best practices
    - Professional development
    - Security controls
  • Building a Culture of Secure Programming in your Organisation
    Building a Culture of Secure Programming in your Organisation
    Amanvir Sangha, Consultant, Synopsys Recorded: Feb 20 2019 70 mins
    We all know that fixing defects early in the SDLC is the right approach to building secure software. Security needs to be in every part of the pipeline but it’s often hard to get everybody onboard with software security initiatives.

    Come join us on this webinar to explore how to build a culture of proactive secure programming in your technical organization and how to implement security as an enabler without disrupting the velocity of projects in modern development teams. See how Synopsys tools and services can allow you to build secure, reliable and quality software.
  • Polaris Software Integrity Platform Partner Webinar
    Polaris Software Integrity Platform Partner Webinar
    Neal Goldman Recorded: Feb 19 2019 41 mins
    The Polaris Software Integrity Platform™ brings the power of Synopsys Software Integrity products and services together into an integrated solution that enables security and development teams to build secure, high-quality, software faster. Polaris comes as a subscription entitlement with Coverity as well as Black Duck, Seeker and Managed Services. Polaris allows customers to start with a single SIG product subscription (e.g. Coverity) and seamlessly add other products as needed, by providing a unified user experience and deployment architecture.

    In this Partner focused webinar, Neal Goldman, Product Manager of Polaris, will provide an overview of the Polaris Platform and its unique value to our Partners as an Ecosystem Platform. Neal will discuss how Polaris provides a common integration framework for the SIG portfolio, allowing our Application Development, Cloud, Vulnerability Management, and Global System Integrator partners ease of integration into their products and processes. Neal will also discuss how our Partner’s existing integrations into SIG products will continue to be supported and how they will interact with the Polaris platform.
  • The 2018 Open Source Year in Review
    The 2018 Open Source Year in Review
    Mark Radcliffe, Partner at DLA Piper & Tony Decicco, Shareholder, GTC Law Group & Affiliates & Phil Odence, GM, Synopsys Recorded: Feb 6 2019 59 mins
    Gain insights into important legal developments from two of the leading open source legal experts, Mark Radcliffe, Partner at DLA Piper and General Counsel for the Open Source Initiative and Tony Decicco, Shareholder, at GTC Law Group & Affiliates.

    This annual review will highlight the most significant legal developments related to open source software in 2018, including:

    •The rising importance of data and licensing considerations
    •Business model problems and the proposed solutions (RedisLabs and MongoDB)
    •Dangerous Legal Theories: core developers as fiduciaries
    •OSS vs. SSO: clash of models
    •Return of Linux patent troll: McHardy
    •The need to extend the scope of an audit to cover web services/APIs
    •The changing tide in open source license adoption
    •Big open source transactions
    •And more

    Live attendees will earn CLE credit for this webinar. Don’t miss out – register today.

    CLE:
    DLA Piper LLP (US) has been certified by the State Bar of California, the Board on Continuing Legal Education of the Supreme Court of New Jersey, and the New York State Continuing Legal Education Board as an accredited CLE provider. The following CLE credit is being sought:
    •California: 1.0 Credit (1.0 General, 0.0 Ethics)
    •New Jersey: 1.2 Credits (1.2 General, 0.0 Professional Responsibility)
    •New York: 1.0 Transitional & Non-Transitional Credit (1.0 Professional Practice, 0.0 Ethics and Professionalism)
    CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, Pennsylvania, and Puerto Rico.
  • Meeting Enterprise AppSec Needs With Coverity 2018.12
    Meeting Enterprise AppSec Needs With Coverity 2018.12
    Yatin Patil, Product Management, Coverity Recorded: Jan 31 2019 51 mins
    As organizations come to rely heavily on software to perform critical business functions and deliver customer value, cyberattacks have unfortunately become common. Web application attacks were responsible for 38% of data breaches in 2018. Securing these applications is critical to promote customer trust, protect business critical information and the company’s reputation. Fixing vulnerabilities before applications are deployed isn’t just smart, it saves downstream costs too.

    Modern web applications are increasingly reliant on frameworks that simplify the application code but can introduce their own vulnerabilities. In this webinar we discuss how the Coverity 2018.12 release enables organizations to build secure web applications faster. The latest release addresses three increasingly important needs for enterprise application security teams: scalability, broad language and framework support, and comprehensive vulnerability analysis. Building upon its historic advantages in deep, accurate code analysis, Coverity 2018.12 greatly expands upon its coverage of web languages and popular frameworks and makes it fast and easy to analyze applications. The result is applications that are inherently more secure before they are deployed into production.

    In this webinar Yatin Patil, Senior Product Manager for Coverity will cover:
    •Importance of application security testing
    •Enterprise application security best practices
    •What a SAST solution needs to provide
    •Newest features of Coverity 2018.12
  • Managing the Business Risks of Open Source
    Managing the Business Risks of Open Source
    Scott Crawford, Research Director for Information Security, 451 Research & Phil Odence, GM, Black Duck by Synopsys Recorded: Jan 24 2019 61 mins
    It’s no secret that “software is eating the world,” as Marc Andreessen once described—and it’s taking entire development communities to support it. Recently, open source has become a primary contributor to software found in the enterprise. According to a 2018 report from the Synopsys Center for Open Source Research & Innovation, the average percentage of open source in codebases examined in Black Duck audits has increased to 57% from only 36% from the previous year. But open source isn’t risk-free—and the implications can have a direct impact on the business.

    Join Scott Crawford, research director for information security with 451 Research, and Phil Odence, general manager of Black Duck On-Demand with Synopsys, to take a closer look at open source risks and the ways that businesses can better evaluate and mitigate them. They’ll cover the following points and more:

    • One of the highest-profile breaches of 2017 was the result of a widely exposed vulnerability in a popular open source application component, exposing millions of personal financial records—and costing business leaders their jobs.
    • In just the last few weeks, the implicit trust on which the open source ecosystem is based has been exploited to steal tangible assets.
    • What’s the real cost of a data breach? In at least one highly visible case, a breach reduced the dollar value of an acquisition by hundreds of millions. As business dependence on open source grows, so too does business exposure.
    • And of course, compliance with open source licenses remains a concern.

    Getting a handle on taming these threats to the business requires an approach that fits with the central role open source plays in the fast-moving world of continuous innovation.
  • Cyber Risk Management
    Cyber Risk Management
    Per-Olof Persson Recorded: Jan 23 2019 50 mins
    See how Synopsys started the software security journey and is taking an active role in providing industry expertise to help organizations deliver robust software security solutions. We will focus on identifying cyber risks and equip you with solutions to overcome security issues. If you want more than our Q&A at the end of the webinar, visit us in Copenhagen, Denmark. Synopsys will be hosting the Copenhagen Security Symposium at the Carlsberg Museum 6th February 2019.
  • APAC - Building Security In Maturity Model (BSIMM9): Here’s What’s New!
    APAC - Building Security In Maturity Model (BSIMM9): Here’s What’s New!
    Olli Jarva, APAC Managing Consultant, Synopsys Software Integrity Group Recorded: Jan 10 2019 40 mins
    The Building Security In Maturity Model (BSIMM) is a study of existing software security initiatives (SSIs). and provide a way to assess the current state of your software security initiative, identify gaps, prioritize change, and determine how and where to apply resources for immediate improvement. In this webinar, Olli Jarva, Managing Consultant, Synopsys Software Integrity Group, will give an introduction to BSIMM and also how organizations can use it before diving into the changes observed in the latest version 9.

Embed in website or blog