Hi [[ session.user.profile.firstName ]]

Synopsys Software Integrity Group (SIG)

  • Date
  • Rating
  • Views
  • Black Duck Audit Reporting: The Next Generation
    Black Duck Audit Reporting: The Next Generation
    Emmanuel Tournier, Sr. Manager, Black Duck On-Demand and Phil Odence, GM – Black Duck On-Demand at Synopsys Live 60 mins
    You won’t want to miss this webinar, if you have received Black Duck audit reports and anticipate more in the future.

    Black Duck by Synopsys constantly strives to improve our offerings and reporting capabilities. We’ve expanded the range of our audit offerings, and by the first of the year, we’ll be rolling out a new set of reports and a new process for sharing them. Join us for a preview of the new reports and process. Black Duck On-Demand’s Phil Odence and Emmanuel Tournier will demonstrate how we have combined customers’ ideas with the best elements of our reporting to develop new reporting technology and processes designed to make reviewing audit results easier, more insightful, and more productive.
  • Beyond Open Source Compliance: Security in M&A Due Diligence
    Beyond Open Source Compliance: Security in M&A Due Diligence
    Nabil Hannan, Managing Principal, Synopsys Recorded: Dec 12 2018 30 mins
    The headline of Wall Street Journal article from March read “Due Diligence on Cybersecurity Becomes Bigger Factor in M&A.” In April, Gartner reported, “Cybersecurity is Critical to the M&A Due Diligence Process.” Companies that invest in open source license compliance as part of diligence are starting to dive more deeply into security issues.
     
    A first step in assigning the security of software assets is looking at known vulnerabilities in open source components. But, now as part of the Synopsys Software Integrity Group, Black Duck can bring much broader capabilities to bear to analyze the overall security of code assets, including proprietary code.
     
    This webinar will discuss application security issues at a high level and the security services that you can include with a due diligence audit.
  • Secure Your Containers With GitHub and Synopsys
    Secure Your Containers With GitHub and Synopsys
    Bryan Cross, Sr. Solutions Engineer, GitHub; Dave Meurer, Partner Solution Architect, Black Duck by Synopsys Recorded: Nov 6 2018 52 mins
    In April, Synopsys and GitHub spoke about adding “Sec” to DevOps by using solutions that don’t sacrifice speed or agility. Most of the discussion focused on software composition analysis for applications. But DevOps organizations are increasingly adopting container technologies. Do our solutions have what it takes to properly secure the code found in every layer of a container image?

    The answer is yes. With GitHub and Synopsys solutions, you can ensure the code in your containers is secure—from the code you write, to the open source you depend on, and to the operating system components that come with the container. In this live webinar, experts from Synopsys and GitHub will demonstrate solutions that can help keep your container contents secure. Some highlights:

    - The application security tool landscape, and when and where to run these tools
    - Linux component vulnerabilities vs. application component vulnerabilities
    - Demo: GitHub repo to a running container
    - Black Duck CoPilot: It’s free!
  • BSIMM9: Here’s What’s New!
    BSIMM9: Here’s What’s New!
    Mike Ware, Managing Principal, Synopsys Recorded: Oct 25 2018 47 mins
    In early October, we released the latest version of the BSIMM report, BSIMM9. While many things about the report haven’t changed much, it’s the new things that make it really exciting. Mike Ware will give a quick recap of the BSIMM and how organizations can use it before diving into the changes observed in BSIMM9, including these:
    - The incorporation of three new cloud-related activities and what that says about AppSec
    - The addition of retail as a stand-alone vertical
    - The growth in the number of security and developer resources
  • Black Duck 5.0 - Newest Customer Driven Features
    Black Duck 5.0 - Newest Customer Driven Features
    Jeff Michael, Hal Hearst, and Lisa Bryngelson, Senior Product Managers for Black Duck by Synopsys Recorded: Oct 24 2018 54 mins
    Join us on to hear about our exciting new features and functionalities in 5.0. Features requested by you, our customers! Our senior project management team, Jeff Michael, Hal Hearst, and Lisa Bryngelson will cover the latest features and leave plenty of time to answer your questions. In this webinar, we will discuss:

    -Black Duck Binary Analysis
    -Enhanced component management
    -Operational risk policy rules
    -API improvements
    -Infrastructure improvements
  • Securing Enterprise-Level Cloud Deployments
    Securing Enterprise-Level Cloud Deployments
    Kinnaird McQuade, Senior Consultant, Synopsys Software Integrity Group Recorded: Oct 23 2018 54 mins
    When you’re operating in a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning resources and applications increases—significantly affecting all aspects of IT security. Security must keep up with these demands without compromising on auditability, least privilege, and secure development practices while receiving the benefits of automation. In cloud environments, security must be built in with configuration management and infrastructure as code. This talk aims to piece all of it together while providing practical guidance (and examples) that will help your organization operate safely in this age of cloud computing.

    Topics will include:
    - Building security in with infrastructure as code
    - Pipeline-friendly OS hardening
    - Vulnerability scanning considerations for building cloud applications
    - Migrating to the cloud with rapid deployments in mind
  • Cloud DevSecOps With Synopsys and AWS
    Cloud DevSecOps With Synopsys and AWS
    Binoy Das, Partner Solution Architect, Amazon Web Services; Dave Meurer, Partner Solution Architect, Black Duck by Synopsys Recorded: Oct 18 2018 55 mins
    Automation in the cloud can help you build faster and deliver continuously, but it can also make managing security a challenge. By integrating Black Duck by Synopsys with the development tools you use in Amazon Web Services, you can scan images in your container registry, automate build scans in your CI pipeline, and stay notified of any security vulnerabilities or policy violations found in your open source code.

    Join experts from Synopsys and AWS as we explore how to build applications and containers safely in the cloud without sacrificing agility, visibility, or control. In this hands-on webinar, we’ll demonstrate how to:

    - Get started with Black Duck and AWS
    - Build better solutions through open source intelligence
    - Use open source management automation and integration with AWS
  • Effective Policies for Managing and Releasing Open Source Software
    Effective Policies for Managing and Releasing Open Source Software
    Mark Radcliffe, Partner, DLA Piper/General Counsel OSI; Anthony Decicco, Shareholder, GTC Law Group & Affiliates Recorded: Oct 17 2018 60 mins
    Once you get a handle on what open source your organization has in house and you're through remediating any issues that came up during your code scan, then what? How do you ensure you avoid surprises the next time around and fully leverage your investment?

    Join this webinar with top open source legal experts Mark Radcliffe (partner at DLA Piper and General Counsel for the Open Source Initiative) and Tony Decicco (shareholder, GTC Law Group & Affiliates) as they discuss effective policies for managing and releasing open source in your company:

    - What are key aspects of an effective open source / third-party software policy for both inbound use and outbound contributions?
    - What are key success factors for effectively releasing code as open source?
    - How does this play out in transaction due diligence and integration following an acquisition?
  • Static Analysis Helps DevOps Teams Maintain Velocity Securely
    Static Analysis Helps DevOps Teams Maintain Velocity Securely
    Meera Rao, Senior Principal Consultant, Synopsys Recorded: Oct 11 2018 61 mins
    Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of many checks in an application security assurance program designed to identify and mitigate security vulnerabilities early in the DevOps process. Integrating SAST tools into DevOps processes is critical to building a sustainable program. And automating these tools is also an important part of adoption, as it drives efficiency, consistency, and early detection.

    But DevOps practitioners looking to integrate SAST tools into the DevOps pipeline often have questions:

    - How do I manage false positives?
    - How do I triage the results?
    - What happens to new issues identified?
    - How can I use a tool in my DevOps pipeline?

    If you have questions like these, and you’re concerned about integrating SAST tooling into your DevOps process, this session will offer actionable advice to automate security testing that supports DevOps velocity.
  • The Future of Application Security: Enable DevSecOps with IAST
    The Future of Application Security: Enable DevSecOps with IAST
    Amy DeMartine, Forrester Principal Analyst and Ofer Maor, Director, Solutions Management at Synopsys Recorded: Oct 4 2018 57 mins
    IAST, or Interactive Application Security Testing, is an emerging technology that is transforming the way organizations secure their web apps at the speed of DevOps. IAST automatically and continuously scans apps during QA testing to detect security vulnerabilities earlier in the SDLC than traditional DAST or pen testing solutions—when it’s easier, faster, and cheaper to fix them. Using a combination of static and dynamic testing techniques, IAST produces highly accurate and actionable results that can be interpreted directly by the developers responsible for fixing the code.

    Join guest speaker and Forrester Principal Analyst, Amy DeMartine and Ofer Maor, Director of Solutions Management at Synopsys, as they unpack the promise of IAST from the perspective of an analyst and a technology provider. Learn about the unique benefits and use cases for IAST, as well as the technology’s limitations and which types of organizations stand to gain the most from it.

Embed in website or blog