Name: The Fragility of Open Source
Start: 2023-02-16T15:00:00Z
End: 2023-02-16T16:00:38.000Z
Location: BrightTALK
Rating: 0

Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

Almost one-third of applications entering production contain security flaws. What can be done to reduce the introduction (and accumulation) of flaws over time? Our recent report analysed 17 years of data and three-quarters of million apps to answer this question.  
 
Tune in and learn the report’s key insights from the Pros of DevSecOps. You’ll discover:
 
• Riskiest “ages” across the application lifecycle
• Flaw profiles by language 
• Concrete steps to reduce introduction and accumulation of security flaws 
• Open-source findings that turn conventional wisdom on its head

Data-Backed Ways to Reduce Security Debt

Casi un tercio de las aplicaciones tienen vulnerabilidades cuando pasan a producción. A medida que pasa el tiempo, se acumulan más fallos, lo que genera un aumento de la deuda de seguridad. Pero, ¿qué sucedería si pudieramos evitar la introducción de vulnerabilidades en las primeras etapas de su desarrollo? Nuestro informe anual sobre el estado de la seguridad de las aplicaciones, “State of Software Security 2023”, proporciona importantes hallazgos para mejorar la seguridad del software. En esta sesión trataremos:

- Fases que potencialmente suponen un mayor riesgo a lo largo del ciclo de vida de la aplicación 
- Lenguajes y Framework: principales vulnerabilidades 
- Pasos concretos para reducir la introducción y acumulación de vulnerabilidades 
- Hallazgos de código abierto que cambian por completo el concepto tradicional

Reducir la introducción de vulnerabilidades en fases tempranas del desarrollo

Wir haben Daten aus 17 Jahren und eine dreiviertel Million Apps analysiert, um eine entscheidende Frage zur Softwaresicherheit zu beantworten: Wie können Unternehmen verhindern, dass Sicherheitslücken überhaupt entstehen? 

Finden Sie heraus, was wir entdeckt haben, und weitere wichtige Erkenntnisse aus dem neuen Veracode State of Software Report 2023, darunter: 
> Die riskantesten „Zeiten“ im gesamten Anwendungslebenszyklus 
> Top-Fehler nach Sprache 
> Konkrete Schritte zur Verringerung der Einführung und Häufung von Sicherheitslücken 
> Open-Source-Erkenntnisse, die herkömmliche Weisheiten auf den Kopf stellen

Wie die neusten Forschungsergebnisse von Veracode Ihre Software security

Veracode’s latest software security research shows that 32% of applications contain security flaws at the first scan, and this jumps to 70% by the five-year mark. We dug into 17 years of data and analyzed three-quarters of a million applications to answer a crucial question: What can be done to avoid introducing security flaws in the first place? Watch this short video to learn data-backed steps you can take to reduce flaw introduction, remediate flaws faster and lower security debt.

VeraTalk: Fast 15 on 2023's State of Software Security

APIs, containers, and clouds, oh my! Organizations use modern software development to deliver incredible user experiences and better performance. Just don’t look behind the curtain; behind that curtain, ingress points and opportunities for attackers are proliferating. That’s why securing cloud-native applications needs to mature beyond run-time protection.

In this webinar, you’ll learn the steps for integrating security into your entire SDLC to pay down your security debt and prevent future risks. Join Veracode’s Scott Simpson and Optiv’s Jim Canup to hear real-world experiences, best practices, and insights into how customers can apply these principles and deliver positive results at scale.

How To Mature Cloud-native Application Security Programs

It’s not hard to set application security goals. What is hard is defining an appropriate level of risk and measuring your AppSec program’s efficacy against your investments and industry peers. In 15 focused minutes, learn how to apply data and analytics to make security a competitive advantage by:

- Leveraging peer benchmarking to quantify strengths/weaknesses, define goals, and communicate to leadership
- Tracking KPIs and performance over time
- Measurably improving AppSec outcomes and preventing future risk

VeraTalk: Improve AppSec Outcomes With Contextual Data

To truly reduce software security risk, businesses require a single platform that brings security and development teams together and provides a complete and managed view of security risk across the software development lifecycle (SDLC). 

Join this session hosted by Brandvakt and Software Security leader Veracode were we’ll discuss:

• The benefit of investing in a platform that incorporates the entire testing suite enabling monitoring and coordination of security testing of all software artifacts 
• The value of a frictionless developer experience that meets developers where they work
• How the Veracode platform delivers on-demand insights interconnecting policy and governance with a single view into the entire software development lifecycle
• A demonstration of the platform and insights on API scanning, Container scanning and exciting new innovations such as intelligent remediation
• Value added vulnerability remediation support provided by Brandvakt team

Secure your spot today, we hope you can join us.

Effective Software Security for a Cloud-Native World

As developers embrace cloud-native computing practices, containers have become essential for simplifying software deployment and runtime environment configuration management. Yet despite their many benefits, software containers may also include significant risks. Lack of visibility into containers means security and development teams are often unable to discern whether there are any issues within the code. Moreover, not scanning containers for vulnerabilities before or after being deployed to production, may lead to major security gaps.

Join this live panel discussion to learn tips for creating a winning container security strategy for 2023. You’ll explore:


The evolving container landscape: Early days, ongoing container wars, and industry-specific standards
How rapidly rising container security requirements are re-shaping container development, AppSec workflows, and software supply chain protection strategies

The three key stages of container security scanning

Developer-friendly best practices for integrating container security into the software development lifecycle without slowing down

2023 Ways To Secure Your Container

Leveraging open-source libraries can speed development times, but how do you determine what’s safe to use? Learn the latest research behind the answer to this question from Forrester and the State of Software Security 2023 in our webinar: The Fragility of Open Source.

The Fragility of Open Source

Securing your software can sometimes feel daunting – with so many languages and frameworks, where to even begin? Watch 15 jam-packed minutes to learn how the right research approach can help teams focus efforts, continuously drive down false positive rates, and make smarter, more informed decisions. 

You will learn:
- What goes into researching security flaws within a specific language or framework
- The importance of scaling applied research findings as frameworks evolve and new ones emerge
- A day in the life of a security researcher, essential skill requirements, and common gaps
- What’s next in application security (AppSec) research

VeraTalk: Show Me The Research

Ryan O'Boyle and Kenneth G. Hartman discuss the role of DevSecOps metrics in determining effective objectives and key results (OKRs) and making data-driven decisions. They will discuss example metrics related to SAST and DAST scanning and code provenance and demonstrate how to calculate these metrics as a natural part of the DevSecOps workflow. You will learn how to:

- Devise metrics that focus the DevSecOps team’s efforts on the biggest impacts
- Maximize team member buy-in
- Minimize unintended consequences

DevSecOps Success: What's Team Metrics Got to Do With It?

Application Security

IT Security

Cyber Attacks

Open Source

Security

Forrester

Market Research

Cloud Native

Cloud

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The Fragility of Open Source

Presented by

About this talk

More from this channel