Connected Cars: Driving Change in Automotive Software Security

As the automotive industry embraces software and connectivity to deliver innovative features and functionality, the code bases of in-vehicle systems have grown exponentially, sustained by increasingly complex software supply chains. The pace and magnitude of this change challenge the incumbent resources and processes that OEMs and their suppliers possess to test and harden these interconnected and often safety-critical systems. This paradigm, compounded by the evolving threat landscape and sophistication of cyber attackers, is elevating the level of risk associated with automotive software quality, security, and compliance. As demonstrated by recent vehicle hacks and the subsequent recalls and unwanted attention from regulators and mainstream media, insecure software poses a very real threat to the automotive industry.

Join Chris Rommel of VDC Research and John Jacott of Synopsys’ Software Integrity Group as they explore the mounting software challenges faced by OEMs and their suppliers. Learn how the automotive industry can adapt by leveraging existing solutions and best practices to drive down risk while maintaining agility and the innovative edge that modern technology affords.
Recorded Apr 5 2016 64 mins
Presented by
Chris Rommel (VDC Research); John Jacott (Synopsys Software Integrity Group)

  • Going Tribal With CISOs Jan 31 2018 6:00 pm UTC 75 mins
    Gary McGraw, VP Security Technology, Synopsys Scott Crawford & Dan Kennedy, Research Director, 451 Research
    CISOs play an important role in our software-driven world, but what they do on a daily basis—and why—have largely remained a mystery—at least until we studied them in the wild and created the CISO Report.

    Join us as Gary McGraw, CISO Report author and VP of security technology at Synopsys, along with analysts Scott Crawford and Dan Kennedy from 451 Research discuss the evolving role of the CISO and what this novel study reveals:

    - What are the four newly identified CISO tribes, and which characteristics distinguish them?
    - How can knowing your tribe advance your organization’s security initiatives and spur career development?
    - Why does your CISO’s tribe reflect the priorities and dynamics within your organization?
  • Silver Bullet Podcast #142 with Craig Froelich Recorded: Jan 17 2018 31 mins
    Gary McGraw
    Craig Froelich is the chief information security officer (CISO) for Bank of America. He leads the Global Information Security team responsible for security strategy, policy, and programs. Before moving to Bank of America through acquisition, he was responsible for Countrywide’s cyber security technology, networks, crisis management, and security operations. Craig has over a decade of experience in product management and application development for software and hardware companies. He also serves on the board of FS-ISAC and the executive committee of BITS. On Twitter, he describes himself as “a SoCal dude learning to be a southern gentleman” as a Los Angeles transplant to Charlotte, North Carolina, where he lives with his family.

    Listen as Gary and Craig discuss the role of the CISO in the financial services ecosystem and the newly released 2018 CISO Report.
  • Silver Bullet Podcast #141 with Bruce Potter Recorded: Dec 28 2017 34 mins
    Gary McGraw
    Bruce Potter is CISO at Expel, where he is responsible for cyber risk and ensuring the secure operation of Expel’s services. Previously, Bruce co-founded Ponte Technologies (sold to KeyW Corporation). He then served as CTO at KeyW for 2 years. Before that, Bruce was a security consultant at Cigital. In a seemingly previous life, Bruce founded the Shmoo Group. To this day, he helps run the annual hacker conference ShmooCon. He has co-authored several books, including “802.11 Security,” “Aggressive Network Self-Defense,” and “Host Integrity Monitoring.” Bruce regularly speaks at DEF CON, Black Hat, and O’Reilly Security conferences. He lives in Maryland with his family.

    Listen as Gary and Bruce discuss ShmooCon, the state of software security books, network security trends, hacking back, the relationship between preventative security engineering and operational security, DevOps, the CISO role, and more.
  • Fuzz Testing From Synopsys Recorded: Nov 2 2017 2 mins
    What if you could test software for unknowns? You can with fuzz testing. Fuzz testing manipulates input data and sends it until the malformed input causes the software to crash. Our fuzzing solution provides pre-built test suites that ease the burden of manual black box test creation. And our fuzz testing solution runs on any VM or Windows or Linux computer to produce a detailed remediation package that helps identify and fix software issues fast.
  • Software Composition Analysis from Synopsys Recorded: Nov 2 2017 2 mins
    Wouldn’t it be great to minimize the risks of 3rd party code? Introducing software composition analysis, or SCA, from Synopsys. Our SCA solution quickly and accurately scans virtually any software package. It produces a bill of materials listing third-party components, their versions, and their location. And our SCA solution runs on either source code or binary, either as a managed service or as an on-premises virtual appliance, so that you always know for certain what’s in your software.
  • Synopsys is Software Security Recorded: Nov 2 2017 2 mins
    As the world's 16th largest software company, Synopsys has a history of being a global leader and was recognized by Gartner as a leader in software quality and security solutions. At Synopsys, we offer the most comprehensive solution for integrating security and quality into your SDLC and supply chain and work with over 1,500 industry-leading companies across all sectors including: 17 of the top 20 commercial banks, 9 of the top 10 software companies, 4 of top 5 managed healthcare firms, and 3 of top 4 US wireless providers. By injecting software quality and security at the right time, at the right depth within your development environment, our software integrity platform promotes productivity and efficiency that empowers customers to develop secure, high-quality software. Our testing solutions improve the accuracy of findings, speed up the delivery of results, and reduce the level of noise faced by developers.
  • Software Architecture & Design from Synopsys Recorded: Nov 2 2017 2 mins
    How well do your security controls align with industry best practices? Software design flaws account for up to 50 percent of security vulnerabilities. If you are only checking for bugs in your code or running fuzz tests against your system you might still miss up to half of the security vulnerabilities in your software. Auditing controls, authorizations, and component updates are essential strategies to help reduce security flaws and lower your risk of a breach. But how do you know whether they are implemented correctly? Introducing Software Architecture and Design from Synopsys. Our experts evaluate the design of your key security controls against industry best practices to determine if any are misconfigured, weak, misused, or missing.
  • Red Teaming from Synopsys Recorded: Nov 2 2017 2 mins
    Do you know how well your organization's people, processes, and technologies can withstand a real-life cyberattack? What level of access and information might an attacker gain? Personal Identifying Information, Personal Account Number, or corporate intellectual property? What damage might a severe data breach cause? What harm might such an attack bring to the organization’s brand and reputation? Introducing Red Teaming from Synopsys. Red Teaming simulates an attack on the client’s organization to measure how well their people, process, and technologies can withstand a real-life attack situation.
  • Building Security In Maturity Model or BSIMM from Synopsys Recorded: Nov 2 2017 2 mins
    Your company spends a certain amount of money and time on its software security initiative but serious security initiative questions remain. Are we spending enough in Processes? Technology? People? Do the security efforts we have in place today even make sense? And, more critically, what are the other guys doing? Wouldn't it be great if you could compare your security model to others? You can. Introducing Building Security In Maturity Model or BSIMM from Synopsys. It's an analytical process that compares observations of your own software security initiative with that of others.
  • Managed Services from Synopsys Recorded: Nov 2 2017 2 mins
    Really good security experts are difficult to find and expensive to hire. On top of that, you may not have a consistent need for their skill set. Wouldn't it be great to pay only for what you need, only when you need it? Introducing Managed Services from Synopsys, a security-as-a-service (SaaS) for all your software security needs.
  • Silver Bullet Podcast #139 with Matias Madou Recorded: Oct 31 2017 26 mins
    Gary McGraw
    Matias Madou is a co-founder and the CTO of Secure Code Warrior, where he provides the company’s technology vision and oversees the engineering team. He has over 15 years of hands-on software security experience. Matias was a researcher at HP Fortify and a founder of Sensei Security. He also holds 10 patents and has been very active in technology transfer from the lab to commercial products. He’s a sought-after speaker as well, and we’re proud of his presence at the 2017 BSIMM Community Conference. Matias holds a Ph.D. in computer engineering from Ghent University and currently lives in Belgium with his family.

    Listen as Gary and Matias talk about effective software security testing methods, security research, secure development training, and more.
  • Getting Application Security Up to Speed with DevOps Recorded: Oct 10 2017 58 mins
    Scott Crawford, Research Director of Information Security with 451 Research, Meera Subbarao with Synopsys
    The DevOps revolution continues to advance – and security must advance with it. Too often, however, approaches to application security remain stuck in the past. Throwing security assessment results over the fence to developers never really worked, and it certainly won’t survive the transition to DevOps and CI/CD, where agile techniques and automation set a demanding pace.

    In this webinar, Scott Crawford, Research Director of Information Security with 451 Research, and Meera Subbarao with Synopsys, will highlight:

    • The many points of opportunity DevOps presents to engage in real collaboration across security, development and operations teams (it’s not just about testing!)
    • How DevOps introduces opportunities to “shift left” with the security investment, and reduce the cost impact of security remediation and response
    • Where and how security efforts can capitalize on automation and integration with DevOps toolsets
    • Sourcing expertise: Security and development both require specialized expertise. Security in DevOps requires a unique mix of both. How can you find it?
  • Silver Bullet Podcast #138 with Nicole Perlroth Recorded: Sep 29 2017 32 mins
    Gary McGraw
    Nicole Perlroth covers cyber security for the New York Times. Before joining the San Francisco bureau in 2011, she was deputy editor at Forbes where she covered venture capital and web start-ups. Nicole is the recipient of several journalism awards for her reporting on efforts by the Chinese government to steal military and industrial trade secrets. She is currently working on a cyber security book, This Is How They Tell Me the World Ends, for Penguin/Portfolio (2017). She holds a B.A. in Politics and Near Eastern Studies from Princeton and an M.A. in Journalism from Stanford. She’s a native of the Bay Area where she still lives.

    Listen as Gary and Nicole talk about life as a cyber security journalist, being a woman in the security industry, and playing up the sex appeal of cyber security.
  • Silver Bullet Podcast #137 with Wafaa Mamilli Recorded: Aug 30 2017 32 mins
    Gary McGraw
    Wafaa Mamilli is Vice President, Chief Information Security Officer (CISO) at Eli Lilly and Company where she leads a global, enterprise-wide information and product security organization. She started her career consulting in Paris prior to joining Lilly France in 1995. Before being named CISO, Wafaa held several international leadership responsibilities across Lilly, including a stint as Information Officer of their diabetes division.
  • Systems Failures Fuel Security-Focused Design Practices Recorded: Aug 2 2017 47 mins
    Christopher Rommel, Executive Vice President, VDC Research and Joe Jarzombek, Security Strategist, Synopsys
    Today’s electronic systems are more intelligent, more connected, and more at risk than ever before. A single vulnerability can lead to widespread system-of-systems compromises. Organizations participating in security-critical industries like Aerospace and Defense (A&D) are especially at risk.

    In this webinar, Christopher Rommel from VDC and Joe Jarzombek from Synopsys will discuss the results from a recent report highlighting issues facing these organizations. They will also identify what considerations need to be made for the security of software that enables and controls system functionality.

    This webinar will explore:
    • The importance of quality and security in current projects
    • The amount of code re-use from previous projects
    • How automated quality and security testing tools can integrate into your current SDLC
  • Silver Bullet Podcast #136 with Pavi Ramamurthy Recorded: Jul 31 2017 32 mins
    Gary McGraw
    Pavi Ramamurthy manages the security ecosystem at LinkedIn as a Senior Information Security Manager. The Security Ecosystem team holds much of the responsibility for software security at the firm, including: software security training, awareness, bug herding, application vulnerability response, program management, and security positioning for partners and customers. Pavi has over 20 years of experience in software engineering and development, coupled with 10 years of hands-on security experience. She has also worked in various capacities at VMware, Determina, Vitria Technology, and 3Com. Pavi holds an MS in Computer Engineering from Santa Clara University and she lives in Silicon Valley with her family.

    Listen as Pavi and Gary discuss whether a background in development makes you a better software security resource, CI/CD, security testing, the role that office hours play in software security awareness, and more.
  • The Side Effects of the Internet of Things Recorded: Jul 25 2017 43 mins
    Chenxi Wang, ITSPmagazine | Ted Harrington, ISE | Gary Hayslip, Webroot | Mike Ahmadi, Synopsys
    - Broadcast LIVE from Las Vegas during Black Hat 2017 -
    Innovation is moving so fast. Each day there's a new device or technological service to hit the market designed to make our lives easier, more convenient, and perhaps even healthier. They listen to us, watch us, learn about us. They help us make decisions. They “guess” our next move - our pending desire. They make decisions - even take action on our behalf. As a society we snatch up these new devices as quickly as they hit the shelves and use them with open arms, unknowingly putting our privacy and safety at risk.

    How many devices are there? What are they used for? In this session, we’ll focus on the side effects associated with devices used to run our countries, our cities, our homes, our lives - even our physical being.

    Ultimately, it’s about the lack of cybersecurity - because there is a lack of cybersecurity, there’s no conversation about it, and therefore there is no understanding (awareness) of what’s at risk for using these devices. It’s not necessarily a bad thing - but the fact we are making uninformed decisions as a society means we could be putting ourselves and our loved ones at risk without even knowing it.

    This panel is part 1 of 2 parts - it’s all about the lack of security and the side effects it has on us as individuals and as a society. What are we trading in exchange for using these devices to make our lives “better”? Bottom line... are you (we) surrendering to the technology?

    - Ted Harrington, Executive Partner at Independent Security Evaluators
    - Gary Hayslip, Vice President & CISO, Webroot
    - Mike Ahmadi, Director of Critical Systems Security, Synopsys Software Integrity Group

    - Chenxi Wang, Host of The New Factor on ITSPmagazine
  • State of Software Composition 2017 - What's in your app? Recorded: Jul 12 2017 34 mins
    Robert Vamosi, CISSP and Security Strategist at Synopsys
    So much of the software today is created using third-party code, and why not? After all, it’s quicker and cheaper than building from scratch. Using third-party software, however, isn’t without challenges as the recent report The State of Software Composition Analysis 2017 reveals. In this webinar, the presenters will not only share highlights from this report, but they’ll also explore:

    • The use of trusted repositories for open source software, preferably from the source.
    • The use of SCA to monitor the ongoing state of software decay.
    • The need to update third-party software libraries as appropriate throughout the lifecycle.
  • What You Need To Know About Petya/NotPetya & Cyber Attack Protection Recorded: Jul 11 2017 59 mins
    Eric Hanselman (451 Research), May Wang (ZingBox), Ted Harrington (ISE), Mike Ahmadi (Synopsys)
    Another widespread cyber attack in late June wreaked havoc across businesses, organizations, banks, government agencies, utility companies, shipping companies, and even power plants. Was this a ransomware attack or something more sinister?

    Join this panel of industry leaders and security experts for an interactive session on:
    - Why cybersecurity is a key focus for enterprises and organizations worldwide
    - Why ransomware protection is more crucial than ever
    - How to best prepare against future cyber attacks
    - Steps your organization should take today to ensure data security. Short term steps and long-term strategy

    - May Wang, Co-founder & CTO of ZingBox
    - Ted Harrington, Executive Partner at Independent Security Evaluators
    - Mike Ahmadi, Director of Critical Systems Security, Synopsys Software Integrity Group

    - Eric Hanselman, Chief Analyst at 451 Research
  • Silver Bullet Podcast #135 with Ksenia Dmitrieva-Peguero Recorded: Jun 29 2017 26 mins
    Gary McGraw
    Ksenia Dmitrieva-Peguero is a Principal Consultant within Synopsys’ Software Integrity Group. She is a subject matter expert in a variety of software security practices including static analysis tool design and execution, customization, and deployment. She is also an expert in the areas of penetration testing and threat modeling. Throughout her career as a consultant, Ksenia has established and evolved secure coding guidance and best practices for many different firms, and has delivered numerous software security training sessions. She speaks regularly at events around the world on topics such as HTML5, CSP, and JavaScript. Ksenia holds degrees in Education and Computer Science from Clemson University, and an MS in Computer Science from George Washington University. She lives in Virginia with her husband and newborn daughter.

    Listen as Gary and Ksenia discuss software security awareness, AngularJS, security conferences, and more.
Application security is a journey.
We go beyond traditional application testing to empower you to build security into your software at every stage of your development process. We offer application testing and remediation expertise, guidance for structuring a software security initiative, training, and professional services for a proactive approach to application security.

  • Title: Connected Cars: Driving Change in Automotive Software Security
  • Live at: Apr 5 2016 3:00 pm
  • Presented by: Chris Rommel (VDC Research); John Jacott (Synopsys Software Integrity Group)