Hi [[ session.user.profile.firstName ]]

SAE Technical Webinar: Cybersecurity for the Life of the Car

Connectivity is making cybersecurity a must-have obligation from initial designs through end of life. Automakers and suppliers have several unique challenges as they attempt to provide connectivity in vehicles that have burgeoning amounts of software that must remain secure and efficient over long vehicle lifetimes. Throughout the industry, there is a race to leverage safeguards used in other industries in ways that meet automotive safety and reliability requirements.

During this one-hour webinar, industry experts will address design, development, and implementation of security-critical cyber-physical vehicle systems; implementation strategies, process, and lifecycle management; and cybersecurity assurance verification and validation practices being implemented by members of SAE working groups. A number of tools will be employed, many using over the air (OTA) updating to fix vulnerabilities and adapt to changing threats.

An audience Q&A will follow the technical presentations.
Recorded Jul 14 2016 61 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Mike Ahmadi, Global Director, Critical Systems Security, Synopsys Software Integrity Group
Presentation preview: SAE Technical Webinar: Cybersecurity for the Life of the Car

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Container Security – What you need to know! Oct 4 2018 5:30 am UTC 75 mins
    Tanay Sethi, Senior Security Architect, Synopsys
    Containers are revolutionizing application packaging and distribution. They’re lightweight and easy to build, deploy, and manage. But what about security? Your containers include more than the applications your team builds. They also bundle all the third-party software and open source components those apps depend on. In our webinar “Container Security – What you need to know!”, Tanay Sethi, Senior Security Architect, outline how you can prevent vulnerable code hiding in your containers from compromising your applications and sensitive data and how you can take control in the event when a new vulnerability breaks out for open source component present in your containers.
  • Security Champions: Only YOU Can Prevent File Forgery Aug 22 2018 4:00 pm UTC 60 mins
    Marisa Fagan, Product Security Lead, Synopsys
    If you’re a developer, there will come a time when you realize that you have the power not only to ship awesome features but also to protect them so that no one else can tamper with all your hard work. Every developer is responsible for coding securely, but a brave few among us will take this duty one step further by wearing the mantle of a Security Champion.

    This webinar is your guide to becoming the Security Champion you always wanted to be, in just five easy steps. We’ll also talk about what benefits you’ll get out of it, besides saving the world, and what to do if your company doesn’t have a Security Champions program or even a product security program.
  • DevSecOps: Security at the Speed of DevOps with Comcast Aug 3 2018 4:00 pm UTC 60 mins
    Larry Maccherone, Sr. Director DevSecOps Transformation, Comcast
    Security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve.

    What’s needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach that reinforces the DevOps culture and process changes. This requires that security specialists become self-service toolsmiths and advisors and stop thinking of themselves as gatekeepers.

    This webinar includes guidance on the characteristics of security tools compatible with DevOps, but it focuses primarily on the harder part: the people. This talk introduces the DevSecOps manifesto and provides you with a process model, based on agile transformation techniques, to accomplish the necessary mindset shift and achieve an effective DevSecOps culture transformation. It has been successfully used in a large DevSecOps transformation at Comcast and has gained recognition in DevSecOps circles as a leading framework.
  • Reviewing Spectre 6 Months Later Jul 25 2018 4:00 pm UTC 30 mins
    Taylor Armerding, Senior Security Strategist for Synopsys
    It’s been more than six months since the major design flaw in computer chips labeled Spectre became public. And, as predicted, it is still haunting the world of information technology. The CPU (central processing unit) is, after all, the “brain” of any computer, phone, tablet, modern TV, or other “smart” device.
    Since then, we’ve all learned a bit about terms some of us had never heard before—“speculative execution,” anyone? We’ve also been told that you can’t just patch a chip the way you can patch bugs in software. But you can create work-arounds with software patches.
    In this webinar, Taylor Armerding, senior security strategist for Synopsys Software Integrity Group, will address some of the questions that “regular”—i.e., nontechnical—users may have about Spectre:
    - What is it?
    - How does it work?
    - Why does it work?
    - Why didn’t chip makers catch a flaw of this magnitude during the design phase?
    - Why is a tool called static analysis the best way to work around Spectre without causing intolerable performance slowdowns?
  • Trends in Security: How to Create a Scalable Threat-modeling Practice Recorded: Jul 17 2018 45 mins
    Chandu Ketkar, Principal Consultant, Synopsys
    For most organizations, performing threat-modeling is a difficult and an expensive undertaking. There are good reasons why this is the case. Threat modeling traditionally requires an experienced security architect with knowhow in architecture patterns, design patterns, a breadth of technologies, and above all deep security knowledge.

    Join this webinar and learn:

    - Consistency/Reliability: Use of patterns allows us to identify recurring problems/patterns and provide consistently the same solution. In security this means that identifying patterns during threat modeling will allow us to create consistent design, development, testing, and risk guidance.

    - Efficiency: Use of patterns allows us to automate some part of a problem while leaving the more complex concerns to be tackled by experts. This creates efficiencies.

    - Commonly understood taxonomy: Patterns create a common taxonomy for organizing knowledge, training users/practitioners, communicating with stakeholders (developers, testers, architects, security analysts, etc.)
  • How can static analysis help DevOps teams maintain velocity securely? Recorded: Jul 17 2018 46 mins
    Meera Rao, senior principal consultant and director of the secure development practice - Synopsys Software
    Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of many checks in an application security assurance program designed to identify and mitigate security vulnerabilities early in the DevOps process. Integrating SAST tools into DevOps processes is critical to building a sustainable program. And automating these tools is also an important part of adoption, as it drives efficiency, consistency, and early detection.

    If you have questions like these, and you’re concerned about integrating SAST tooling into your DevOps process, this session will offer actionable advice to automate security testing that supports DevOps velocity.

    But DevOps practitioners looking to integrate SAST tools into the DevOps pipeline often have questions:

    How do I manage false positives?
    How do I triage the results?
    What happens to new issues identified?
    How can I use a tool in my DevOps pipeline?
  • *AST in CI/CD - How to Make it Work Recorded: Jul 17 2018 58 mins
    Ofer Maor, Director, Solutions Management at Synopsys
    SAST, IAST, DAST, MAST, *AST – There are plenty of technologies and ways to test your software, but how do we do that without slowing us down in a rapid development environment. In this session we will give practical advice on how to integrate software security testing into your CI/CD and your development process so it works. The session will review the pros and cons of each of the testing technologies, how to adapt it to rapid development, and how to make testing work as organizations are moving to A/B testing. Finally, this session will guide on how to manage the balance between risk and speed to build the right process, so that real threats will become blockers, but other issues will be handled in a parallel, slower cycle, without slowing down the main delivery.
  • Getting Your Bearings in a DevSecOps World Recorded: Jul 12 2018 48 mins
    Apoorva Phadke, Associate Principal Consultant, Synopsys
    Development and operations teams have already come a long way by aligning around the shared goal of delivering stable, high-quality software—quickly. By automating manual processes and building tools into the continuous integration and continuous delivery (CI/CD) pipeline, they’ve increased trust between groups, which is essential as these once-disparate teams tackle critical issues together. In this webinar, you’ll learn how to build a DevSecOps culture in your organization with automated and integrated application security tools and the right training for each team.
  • Building Your Application Security Toolkit: A Holistic Approach Recorded: Jun 22 2018 59 mins
    Stephen Giguere, Solution Engineer, Synopsys
    Open source management is a key part of any application security toolkit. But with so many different tools and techniques on the market, how can you decide what other tools you need to fully address the security risks of your applications? In this webinar, you’ll learn the benefits and limitations of several application security tools, including SAST, SCA, DAST, IAST, and fuzzing, as well as how they differ, so you can make informed decisions as you build your AppSec toolkit.
  • Do We Trust Software? Recorded: Jun 20 2018 46 mins
    Chris Clark, Principal Security Engineer – Strategic Initiatives, Synopsys
    Trying to keep pace in a highly connected world and increasingly hostile environment is a challenge for any developer, let alone an entire industry. To protect the software they write, developers turn to technologies and processes such as audits, reverse engineering, application firewalls, sandboxing, and many others to provide a level of protection. But these technologies also have the potential to become entry points for vulnerabilities. So do we really trust software?

    See how Synopsys started the software security journey and is taking an active role in providing industry expertise to help organizations deliver robust software security solutions. We will focus on how the cyber supply chain can have a direct and meaningful impact on the overall design and deployment of software. See how known vulnerability management, mitigation, and training can affect the known risk profile of overall software design. Learn about what we are working on and how you can participate in improving standards and programs that reduce cyber risk.
  • Ultimate Guide to Building Security into CI/CD Recorded: Jun 20 2018 45 mins
    Olli Jarva, Managing Consultant and Solution Architect, Synopsys Asia Pacific
    Security leaders must choose appropriate tools and build a culture that does not inhibit the development pipeline but supports it. In this webinar, Ultimate Guide to Building Security into CI/CD, Olli Jarva, Managing Consultant and Solution Architect, Synopsys Asia Pacific, outlines how security teams can work within a Continuous Delivery or Continuous Deployment model by building security into operational processes and an integrated, Continuous Integration toolchain. This integrated software security strategy is known as “Continuous Security.”
  • 2018 Open Source Audit Findings: How Do You Stack Up? Recorded: May 24 2018 28 mins
    Evan Klein, Head of Product Marketing for Software Composition Analysis, Synopsys
    Open source components are the foundation of modern applications, but ineffective management around open source can lead to serious risks and unwanted media attention when security flaws lead to data breaches. The Black Duck by Synopsys 2018 Open Source Security and Risk Analysis (OSSRA) examines the previous year’s open source and security news and analyzes trends based on the audits of more than 1,100 codebases.
    Not surprisingly, 96% of the audited codebases contained open source components, and nearly 78% of the codebases contained at least one vulnerability. As the percentage of open source in codebases continues to grow, it’s clear that open source management practices need to improve.
    In this webinar, open source expert Evan Klein will walk through the report’s findings in depth and discuss strategies companies can use to minimize open source security risk while maximizing the benefits open source provides.
  • Digging into DevSecOps: Realities and Opportunities Recorded: May 15 2018 62 mins
    Jay Lyman, Principal Analyst, Cloud Management and Containers, 451 Research; Meera Rao, Senior Principal Consultant, Synopsys
    To learn more about the realities of DevSecOps today and the real degree to which security is or is not being included in enterprise continuous integration/continuous delivery workflows, we surveyed 350 decision-makers at large enterprises across a variety of industries.

    What we found is that only about half of enterprise CI/CD workflows include any security elements at all, highlighting ample room for improvement. Enterprises did seem to show an awareness of the importance of adding security elements into DevOps releases, but they are not necessarily injecting security early in the process -- ideally at code commit and in pre-implementation. This webinar will cover these and other results of our survey, and offer guidance on how enterprise organizations can effectively integrate security tools, thinking and people into their CI/CD workflows to reduce rework and risk without sacrificing velocity.
  • Software is eating the world. The Embedded World that is. Recorded: May 10 2018 23 mins
    Art Dahnert
    And all that code needs to be secure. This presentation will discuss what happens when unsecured code on IoT/Embedded devices are released to the unsuspecting public and how the security industry (Synopsys) can help prevent this in the future. I will cover how the latest software development techniques can also incorporate the latest cutting edge tools to help eliminate security vulnerabilities before they make it to production. And finally how you can be a part of the solution instead of part of the problem.
  • Securing Your Applications Against Spectre Recorded: May 3 2018 31 mins
    James Croall, Director of SAST Product Management at Synopsys
    The recently discovered Spectre security vulnerability has taken the tech industry and security world by storm. By exploiting security vulnerabilities inherent in the design of many modern microprocessors, Spectre attacks can cause damaging leakage of personal information and data.

    There are several proposed workarounds to protect applications affected by Spectre. However, they can adversely affect performance and be time consuming for developers.

    A novel solution to mitigate Spectre is to use a static analysis tool that quickly identifies vulnerable code patterns that are likely to be exploited and reduces potential app performance degradation. In this webinar, James Croall, director of SAST product management at Synopsys, will detail how this works and cover the following:

    -What is Spectre and how is the attack carried out?
    -What are the various ways to mitigate the effects of this attack?
    -What can software development organizations do to help secure their apps against Spectre?
    -What are some best practices and examples of how to use Synopsys Static Analysis (Coverity) to better secure your apps against Spectre attacks?
  • DevSecOps Best Practices with Synopsys and GitHub Recorded: Apr 24 2018 50 mins
    Bryan Cross, Sr. Solutions Engineer, GitHub; Dave Meurer, Alliances Technical Mgr, Black Duck by Synopsys
    It's time to add “Sec” into DevOps! But while moving towards newer processes and technologies like agile methodologies, cloud and containers can help you build faster and deliver continuously, there's always the fear that adding security can severely slow things down. By using GitHub with Black Duck by Synopsys, you can automate your secure development workflows, shift security left, and avoid software rot.

    Whether you are an open source developer or enterprise software engineer, GitHub and Synopsys have solutions to help you put “Sec” into the center of DevOps without sacrificing speed and agility. In this live webinar, the experts from Synopsys and GitHub will demonstrate solutions for both open source and enterprise developers. Some highlights will include:

    - The real life of a vulnerability in 2017: Apache Struts
    - Black Duck CoPilot: It’s Free!
    - Black Duck your Pull Requests
  • Securing the Software Supply Chain – Binary Analysis and Open Source Security Recorded: Apr 11 2018 35 mins
    Lisa Bryngelson, Sr. Product Manager, Black Duck by Synopsys
    Organizations of all kinds increasingly rely on third-party software from their supply chain partners and outsourcers to power the products and technology they deliver to the marketplace. Whether you’re an automotive company or a medical device manufacturer, use of third-party software libraries is now commonplace and essential to success in the competitive global marketplace.

    One of the biggest challenges companies face with third-party software is they often have no visibility into the open source libraries being used in the software they embed in their products. Over the last year, a continuous stream of news stories has attributed major security breaches to exploits of vulnerabilities in open source frameworks used by Fortune 100 companies in education, government, financial services, retail and media.

    These incidents shine a light on the need for organizations to carefully manage the open source used in the third-party libraries they consumer in order to protect themselves—and their customers—from the consequences of catastrophic security breaches.

    Our webinar will arm you with the information and statistics needed to:

    -Explain the importance of open source security to your organization
    -Understand the key differences between identifying open source in source code vs. binaries
    -Define a clear road map for unearthing, managing, and securing the open source hiding in your software supply chain
    -Take the steps to help your company avoid becoming the next security breach media story
  • Securing the Modern Automobile from Software Security Threats Recorded: Mar 29 2018 43 mins
    Art Dahnert, Managing Consultant, Synopsys
    Today’s automobiles are advanced, complex machines relying on dozens of computers and millions of lines of software code. They are also increasingly targets for sophisticated hackers. In fact, the software running on your car could contain multiple flaws that allow an attacker to take over control of the vehicle – either in your driveway or on the freeway. What steps are manufacturers taking to secure all of that code?

    Register for our webinar to learn about these topics and more:
    - The kinds of security flaws that are possible and how were they're exploited
    - How vulnerabilities can be mitigated
    - Ways to build security in from the beginning of the software/system development process
    - Unique approaches manufacturers are taking to deal with some of these issues and what that means to you
  • Application Security: What to Know for 2018 Recorded: Mar 27 2018 55 mins
    Mike Pittenger, Security Strategist
    Application security is quickly becoming a "must have" for security teams. High profile breaches, including Equifax and a multitude of ransomware attacks, have the attention of senior management of company Boards. Knowing where to start can be difficult.

    Not every company has the same needs or organizational maturity to manage a full-blown application security program. This webinar will cover some of the tools and exercises deployed by application security teams to build security into their processes, including:

    - Tools and security tips for each phase of the development lifecycle
    - Which tools to use for different types of code
    - In-house and 3rd party options for starting an application security program
  • Software Development with Open Source: Securing Applications and IP Recorded: Mar 21 2018 59 mins
    Tim Mackey, Sr. Technology Evangelist at Black Duck by Synopsys
    Open source software is embraced by developers, enterprises, and governments at every level, and with it comes many strong opinions and few facts. How much open source is really being used in the applications you buy? Does the "many eyes" theory make open source more secure? Does traditional security testing address vulnerabilities in open source?

    With organizations becoming more agile but facing increasing regulatory governance, understanding how open source software development works, and how to secure open source, is increasingly important. In this session we’ll cover:
    - Code contribution and IP management
    - Fork management
    - Release process
    - Security response processes
    - Realities of IP risk and open source
    - Pass through security risk and responsibility
    - Keeping up with scope of impact changes within a single disclosure
    - Automating awareness of security risk from development through integration and delivery to deployment
Application security is a journey.
We go beyond traditional application testing to empower you to build security into your software at every stage of your development process. We offer application testing and remediation expertise, guidance for structuring a software security initiative, training, and professional services for a proactive approach to application security.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: SAE Technical Webinar: Cybersecurity for the Life of the Car
  • Live at: Jul 14 2016 6:20 pm
  • Presented by: Mike Ahmadi, Global Director, Critical Systems Security, Synopsys Software Integrity Group
  • From:
Your email has been sent.
or close