Security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve.
What’s needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach that reinforces the DevOps culture and process changes. This requires that security specialists become self-service toolsmiths and advisors and stop thinking of themselves as gatekeepers.
This webinar includes guidance on the characteristics of security tools compatible with DevOps, but it focuses primarily on the harder part: the people. This talk introduces the DevSecOps manifesto and provides you with a process model, based on agile transformation techniques, to accomplish the necessary mindset shift and achieve an effective DevSecOps culture transformation. It has been successfully used in a large DevSecOps transformation at Comcast and has gained recognition in DevSecOps circles as a leading framework.
It’s been more than six months since the major design flaw in computer chips labeled Spectre became public. And, as predicted, it is still haunting the world of information technology. The CPU (central processing unit) is, after all, the “brain” of any computer, phone, tablet, modern TV, or other “smart” device.
Since then, we’ve all learned a bit about terms some of us had never heard before—“speculative execution,” anyone? We’ve also been told that you can’t just patch a chip the way you can patch bugs in software. But you can create work-arounds with software patches.
In this webinar, Taylor Armerding, senior security strategist for Synopsys Software Integrity Group, will address some of the questions that “regular”—i.e., nontechnical—users may have about Spectre:
- What is it?
- How does it work?
- Why does it work?
- Why didn’t chip makers catch a flaw of this magnitude during the design phase?
- Why is a tool called static analysis the best way to work around Spectre without causing intolerable performance slowdowns?
A ‘Patent cliff’ describes a severe drop in revenue once the patent for a company’s leading product expires. The sharp revenue decline is a result of competitors being able to start developing and selling the product, often at a much lower price.
As US biopharmaceutical company Celgene struggles to get regulatory approval from the FDA, the company is facing major market, shares and revenue losses, and is facing a phenomenal patent cliff. Furthermore, research from EvaluatePharma reports that an estimated $250 billion in projected sales is at risk between 2018-2024 as many drugs lose exclusivity.
When it comes to acquisitions, the effects of a dwindling patent term can severely impact the value of your company. So how do you create 5-year plan to prepare for an inevitable patent cliff? We are very excited to welcome back Jurgen Vollrath, President of Exponential Technology Counsel, and customer of PatSnap. ET Counsel, advise clients on IP strategy & business alignment to ensure the most successful M&A and exit outcomes.
In this webinar, Jurgen will be discussing:
- Risk vs. reality when it comes to patent cliffs
- How to create a 5-year M&A plan for your organisation
- How to find potential acquisition targets
- Predicting the potential impact a patent cliff could have on your business.
The use of open source has surpassed the occasional and solidified itself as the standard. In fact, the Black Duck by Synopsys 2018 Open Source Security and Risk Analysis found that 96% of the applications we scanned last year contained open source components.
It’s increasingly difficult to properly manage open source in an organization to ensure compliance with the over 2,000 different licenses in use today and defend against new vulnerabilities, which surface frequently.
Join this webinar with top open source legal experts Mark Radcliffe (partner at DLA Piper and general counsel for the Open Source Initiative) and Tony Decicco (shareholder, GTC Law Group & Affiliates) as they discuss best practices for managing open source in an organization and throughout an M&A transaction:
- How do you conduct an open source / third-party software audit?
- How do you get the most out of your Black Duck code scan?
i.e. Handling license compliance issues and managing security vulnerabilities
- What are key aspects of an effective open source / third-party software policy for both inbound use and outbound contributions?
- What are key success factors for effectively releasing code as open source?
For most organizations, performing threat-modeling is a difficult and an expensive undertaking. There are good reasons why this is the case. Threat modeling traditionally requires an experienced security architect with knowhow in architecture patterns, design patterns, a breadth of technologies, and above all deep security knowledge.
Join this webinar and learn:
- Consistency/Reliability: Use of patterns allows us to identify recurring problems/patterns and provide consistently the same solution. In security this means that identifying patterns during threat modeling will allow us to create consistent design, development, testing, and risk guidance.
- Efficiency: Use of patterns allows us to automate some part of a problem while leaving the more complex concerns to be tackled by experts. This creates efficiencies.
- Commonly understood taxonomy: Patterns create a common taxonomy for organizing knowledge, training users/practitioners, communicating with stakeholders (developers, testers, architects, security analysts, etc.)
Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of many checks in an application security assurance program designed to identify and mitigate security vulnerabilities early in the DevOps process. Integrating SAST tools into DevOps processes is critical to building a sustainable program. And automating these tools is also an important part of adoption, as it drives efficiency, consistency, and early detection.
If you have questions like these, and you’re concerned about integrating SAST tooling into your DevOps process, this session will offer actionable advice to automate security testing that supports DevOps velocity.
But DevOps practitioners looking to integrate SAST tools into the DevOps pipeline often have questions:
How do I manage false positives?
How do I triage the results?
What happens to new issues identified?
How can I use a tool in my DevOps pipeline?
SAST, IAST, DAST, MAST, *AST – There are plenty of technologies and ways to test your software, but how do we do that without slowing us down in a rapid development environment. In this session we will give practical advice on how to integrate software security testing into your CI/CD and your development process so it works. The session will review the pros and cons of each of the testing technologies, how to adapt it to rapid development, and how to make testing work as organizations are moving to A/B testing. Finally, this session will guide on how to manage the balance between risk and speed to build the right process, so that real threats will become blockers, but other issues will be handled in a parallel, slower cycle, without slowing down the main delivery.
Development and operations teams have already come a long way by aligning around the shared goal of delivering stable, high-quality software—quickly. By automating manual processes and building tools into the continuous integration and continuous delivery (CI/CD) pipeline, they’ve increased trust between groups, which is essential as these once-disparate teams tackle critical issues together. In this webinar, you’ll learn how to build a DevSecOps culture in your organization with automated and integrated application security tools and the right training for each team.
Social Impact Investment brings together capital and experience from the public, private and non-for-profit industries to achieve specific social objectives. The return of these investments is measured typically by the social outcomes achieved.
The Centre of Advancing Innovation is a public-private partnership non-profit focused on identifying breakthrough inventions hidden in portfolios, to maximise investor returns and commercial success. Research performed by the group has highlighted that Social Impact projects accelerate innovation, and result in higher returns.
In this webinar, Rosemarie Truman, CEO and Founder of CAI will be discussing the positive implications of choosing social impact projects for your business, including:
- Why they accelerate innovation
- How these projects can increase your potential investment opportunities for the future
- The influence on the future funding of projects.
In this webinar, hear about the current boom in Tech M&A spending and what it may mean for the rest of 2018. Spending on tech acquisitions in the first half of this year has surged -- 70% higher than the same period last year. Despite facing sharp competition from non-tech acquirers and private equity buyers, enterprise buyers are back in the game and on pace to do more tech deals this year than any year in history. On top of that, the other exit for startups is busy, too, with the pace of enterprise technology IPOs hitting a post-recession record.
Join Brenon Daly, who leads 451 Research’s M&A practice, and Scott Denne, a senior M&A analyst, for an update on the first half of 2018 and what we expect to shape dealflow for the rest of the year. They’ll highlight trends in deal activity with insight from 451 Research analysts as well as 451 Research’s M&A KnowledgeBase, the industry’s only tech-focused M&A database, and:
•Take a look at trends in both M&A activity and valuations.
•Discuss implications for buyers, sellers and investors.
•Dissect this year’s IPO boom and forecast which startups might be looking to join the parade of new offerings.
This webcast will cover issues that lawyers often encounter in commercial litigation with reviewing and understanding financial statements. Our panel of accounting experts will cover fundamental accounting concepts and components that are the basis of the financial statement reporting- the statement of financial position (balance sheet), the statement of profit and loss (income statement) and the cash flow statement.
Our panel will also show how to derive meaningful conclusions about the performance of a business through financial ratio analysis and trend analysis.
In addition to understanding and analyzing financial statements, the webcast will highlight recent changes in generally accepted accounting principles that will affect the presentation of information contained in the financial statements.
Please join Jeff Litvak, CPA/ABV/CFF, ASA and Jason Tolmaire, CPA/ABV, both of FTI Consulting’s Forensic & Litigation segment, as they address these issues as well as your questions.
Open source management is a key part of any application security toolkit. But with so many different tools and techniques on the market, how can you decide what other tools you need to fully address the security risks of your applications? In this webinar, you’ll learn the benefits and limitations of several application security tools, including SAST, SCA, DAST, IAST, and fuzzing, as well as how they differ, so you can make informed decisions as you build your AppSec toolkit.
Once again, our newest Hub release is packed with features requested by you – our customer! Lead Product Managers for Hub, Hal Hearst and Jeff Michael, will share all the new features. We will dive into:
-Bulk snippet confirmation
-BoM hierarchy tree display
-BoM policy violation comments
-Cross-project BoM difference comparison
-Ability to map Hub projects to external application IDs
Trying to keep pace in a highly connected world and increasingly hostile environment is a challenge for any developer, let alone an entire industry. To protect the software they write, developers turn to technologies and processes such as audits, reverse engineering, application firewalls, sandboxing, and many others to provide a level of protection. But these technologies also have the potential to become entry points for vulnerabilities. So do we really trust software?
See how Synopsys started the software security journey and is taking an active role in providing industry expertise to help organizations deliver robust software security solutions. We will focus on how the cyber supply chain can have a direct and meaningful impact on the overall design and deployment of software. See how known vulnerability management, mitigation, and training can affect the known risk profile of overall software design. Learn about what we are working on and how you can participate in improving standards and programs that reduce cyber risk.
With innovation budgets increasing each year and R&D becoming more competitive, many organisations are getting creative in how they increase the reach of their IP protection.
One technique is to widen IP claims by patenting human experiences induced by the product or service. This is often seen in the automotive and consumer goods sectors, commonly describing visual and tactile sensations around the original technology.
Jason Lye, IAM 300 Strategist & Founder of Lyco Works has worked with many clients using this technique and will be hosting this webinar to discuss how your company could benefit from broadening patent claims in this way. He will also cover:
- What patenting human experiences really means and looks like
- The importance of not forgetting the human-impact your technologies create
- How claim-broadening technique offers another layer of protection for your technology
- Why it will make it much harder for your competitors to trap you in litigation cases.
With the extensive use of open source software in containers, it’s critical to prevent vulnerable software from being deployed into production. But even with protections in place, unknown and new vulnerabilities can be exploited during runtime, compromising sensitive data, revealing secrets, and damaging infrastructure.
In this webinar, Black Duck by Synopsys and NeuVector will explain:
- How to protect containers starting from the build
- How to develop container security policies and procedures around threats
- Best practices for deploying secure container
Mature products, such as smartphones and cars, tend to become very similar – whether they are from different manufacturers or the latest model from the same manufacturer.
Speed, power and slight changes in appearance become the focus for many companies. Marketing can make advances through insightful methods to dig deeper into opportunities from unmet needs – but the right science and technology are required to make them real.
R&D teams have access to incredible developments in science and technology, such as artificial intelligence and the latest developments in genetics, but struggle to find how to link them with market opportunities. Opportunities become ‘market pull’ or ‘technology push’, without joining together. Innovation opportunities must connect customer needs with science and technology to be more than just ideas or technologies.
This webinar will demonstrate how technology mapping can be used to discover new opportunities, whichever direction you start from, and how IP landscapes can then help you to make the right connections.
Please note: Registrants details will be shared with the presenter after the webinar.
In an age where technology and cars have never been more intertwined, experts believe the most successful automotive companies in the future, are the leaders in the smart manufacturing race today. A recent survey of automotive companies by Capgemini’s Digital Transformation Institute revealed that 49% of automotive companies have invested over $250mn in smart factory innovation.
The ability to integrate currently siloed systems throughout manufacturing processes with smart techniques is clearly beneficial, and of course, it isn’t just about software and connectivity tools, it's about making better business decisions by using data to solve problems before they happen.
But how can you begin making your organisation smarter? PatSnap is pleased to welcome Paul Mairl, Chief Digital Officer at GKN Powder Metallurgy. Paul has worked within GKN for over 25 years and is now responsible for setting up GKN Powder Metallurgy's digital system in line with Industry 4.0.
In this webinar, Paul will be sharing:
- What smart manufacturing really means
- How GKN successfully integrated it across their shop floor
- Techniques you can use to successfully integrate smart manufacturing processes into your organisation
- The benefits and barriers of these techniques
Patent licensing negotiations have an extremely high fail rate- this can be down to unfavourable licensing terms or weak patent portfolios. One of the ways universities and industry are trying to bridge the gap between innovation and commercialisation is by working together much earlier.
From a university standpoint, their research can be tailored to specific industry needs, as well as having research costs covered. Through the eyes of industry, they can get their hands on the latest research developments, and attract the brightest and talented individuals to their businesses.
Laura Schoppe, President and Founder of Fuentek, who has years experience helping TTO's improve their chances of commercalisation will be joining us to discuss:
- How to start sourcing strategic sponsorship deals
- Where to begin with searching and conversations for partnerships
- The benefits of this chosen pathway. i.e Minimizing risk
Do you ever wonder whether your software security program is the correct one for your organization? You spend time and money on processes, technology, and people. But how do you know whether the security efforts you’ve put in place even make sense? The Building Security In Maturity Model, or BSIMM, is a metrics-driven study of existing security initiatives at other organizations. BSIMM results help you assess the current state of your software security initiative and determine which areas need improvement.
During the webinar, we’ll use a BSIMM broken down by the financial services industry to see what other companies are doing. We’ll also:
· Use real data to help drive your software security initiative
· Learn how organizations use the BSIMM to measure the maturity of their software security initiatives
· Look at the aggregate data of the FSI vertical in the BSIMM
· Discuss some of the most common activities that we observe with FSI companies and the drivers of those activities
If you’re a developer, there will come a time when you realize that you have the power not only to ship awesome features but also to protect them so that no one else can tamper with all your hard work. Every developer is responsible for coding securely, but a brave few among us will take this duty one step further by wearing the mantle of a Security Champion.
This webinar is your guide to becoming the Security Champion you always wanted to be, in just five easy steps. We’ll also talk about what benefits you’ll get out of it, besides saving the world, and what to do if your company doesn’t have a Security Champions program or even a product security program.
With all the different application security testing tools available, you may be wondering whether interactive application security testing (IAST) makes sense for you. If you want to equip your developers with everything they need to fix vulnerabilities quickly and accurately in CI/CD workflows, then the answer is yes.
In this webinar, Asma Zubair, product marketing manager for Seeker, our IAST solution, will show you how to gain unparalleled visibility into the security posture of your web applications and how to identify vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, and CWE/SANS). You’ll also learn how IAST can:
- Be deployed in existing environments with ease
- Give you real-time, accurate results
- Integrate with software composition analysis
Organisations increasingly rely on open source software from their supply chain partners and outsourcers to power the products and technology they deliver to the marketplace.
Whether you’re an automotive company or a medical device manufacturer, use of open source software accelerates development schedules, and reduces costs, but how do you minimise security risks?
One way some DevOps organisations are facing this challenge is by deploying their applications in containers.
In this webinar, Tim Mackey explores this new era of large scale container deployments and how to manage and secure them.
Our webinar will arm you with the information to:
•Explain the importance of open source security to your organisation
•Why container environments present new application security challenges
•Best practices and methodologies for deploying secure containers with trust
The increasing awareness for health & wellness among both older and younger populations, and the resulting growing demand for phytonutrient-rich products globally, have led to advancements in extraction technologies by ingredient manufacturers, and resulted in constant innovations with novel extracts across different ingredient types, such as tocotrienol, carotenoids, flavonoids, and phytosterols. These factors will stimulate the growth of the global phytonutrient ingredients market across different end applications, and especially in the dietary supplements and functional foods segments.
• Discover driving factors that fuel the growth of the phytonutrient ingredients sector across different end applications
• Receive forecasted unit shipment and revenue of the different phytonutrient ingredients through 2022
• Understand essential product and technology developments amongst competitors in the market
• Take advantage of regional trends that are anticipated to drive growth
Title: Iraq's Top Investment & Trade Opportunities in Post-ISIS Era—A Growing Emerging Market in the Middle East
Subtitle: Opportunities Across Multiple Industrial Sectors Call for Multi-billion Dollar Investment Within Next Decade
After three years of combat operations, the war against the Islamic State (ISIS) has ended, and the country is on the path of rebuilding and reformation. The country’s reconstruction, stabilization, and economic diversification efforts entail massive investment in all economic sectors, to the tune of more than USD 900 billion across multiple areas within the next decade. With a large youth population, vast natural and mineral resources as well as a strategic location, Iraq occupies a pivotal position in the Persian Gulf and Middle East region and has the potential to become a significant, cost-effective trading and distribution location.
- Identify the most attractive sectors for investment and trade in Iraq.
- Learn about the business environment, tax regime, available incentives and privileges for foreign companies.
- Gain valuable insights about the current and future consumer market in Iraq.
- Explore opportunities across multiple sectors, including oil & gas, food, medical, metal & minerals, energy & infrastructure, etc.
The security industry has made great strides developing tools and technology to integrate software security into the application development life cycle. However, it’s important not to ignore the people and process aspects of DevSecOps. Building security into application teams’ culture is necessary for DevSecOps to be successful.
Outside the software security group, Security Champions are the leaders of this cultural change. Embedding knowledgeable champions within development teams to assist with security activities and vulnerability remediation will help your organization see this cultural shift. As a result, you’ll build new features not only faster but also more securely. In this webinar, you’ll learn the foundations of a successful Security Champions program and the challenges you’ll face implementing such a program.
Technology commercialisation at its core requires for an invention to be applied to a use case in a specific market. Doing this successfully will ensure that you are getting ROI out of your research and inventions. Mireya McKee has over 16 years experience in research, academia and commercialisation and will be talking about how she utilises technology trends to maximise commercialisation value.
Some of the topics discussed in this webinar will be:
* How to track technology trends
* What can patents tell us about technology trends
* Technology adoption cycle
* How technology readiness levels can affect commercialisation opportunities
Containers are revolutionizing application packaging and distribution. They’re lightweight and easy to build, deploy, and manage. But what about security? Your containers include more than the applications your team builds. They also bundle all the third-party software and open source components those apps depend on. In our webinar “Container Security – What you need to know!”, Tanay Sethi, Senior Security Architect, outline how you can prevent vulnerable code hiding in your containers from compromising your applications and sensitive data and how you can take control in the event when a new vulnerability breaks out for open source component present in your containers.