From Open Source Compliance to Security – Protect With Black Duck
Join us for the very first in a series of highly interactive webinars to learn why managing open source vulnerabilities has become the top concern of many corporations today. Having survived a few high-profile vulnerabilities such as Heartbleed, Shellshock, and Ghost, the need to more proactively manage the open source software used to build your own applications has become paramount. In this webinar, our experts will demonstrate how you can leverage your existing investment in Black Duck Protex and Code Center and quickly get visibility and control of these types of security risks by using our next-generation platform – The Black Duck Hub. After a fast-paced demonstration, we’ll leave plenty of time for you to ask our experts questions. We’ll also provide you with a preview of the next webinar in the series which will showcase brand new policy management capabilities in the Black Duck Hub.
You Will Learn How To:
-Identify open source security vulnerabilities in minutes with your Protex BOM and the new Black Duck Hub
-Address high profile vulnerabilities more quickly using Black Duck Hub notifications
-Track remediation of open source vulnerabilities in your projects
RecordedMar 31 201621 mins
Your place is confirmed, we'll send you email reminders
More and more innovation in the healthcare industry is powered by open source software, whether it’s for a new pacemaker or the latest Electronic Medical Records (EMR) platform.
A recent study of more than 1,000 commercial software applications found that open source components comprised 46% of the code in commercial applications for healthcare-related industries. But with innovation comes risk. The same research uncovered high-risk open source security vulnerabilities in 47% of the healthcare applications studied.
A focused approach to managing open source risk is essential as HIPAA and the European Union’s General Data Protection Regulation (GDPR) put new pressures on healthcare providers and technology companies to protect patient data privacy and security.
If you're concerned with healthcare application security, learn why open source management is essential for your overall security strategy.
Jamie Duncan, Cloud Solutions Architect, Red Hat; Tim Mackey, Sr. Technology Evangelist, Black Duck
Local and Federal government agencies are increasingly turning to container environments to meet the demand for faster, more agile software development. However, containers present a new array of security challenges, including how to properly manage open source security risk.
Join experts from Red Hat and Black Duck for an educational webinar on securing open source in your containers.
· Why container environments present new application security challenges, including those posed by open source
· How to scan applications running in containers to identify open source and map against known vulnerabilities
· Best practices and methodologies for deploying secure containers
Join our next customer webinar where YOU are the star of the show! Our Ask the Experts panel features Hal Hearst, Principal Product Manager; Utsav Sanghani, Product Manager; and Don Mulrenan, Manager Implementation Services. They’ll present their top three tips for scanning your code, helping you use Black Duck Hub’s features most effectively. We’ll leave plenty of time for Q&A with the panel. Submit your questions now by emailing firstname.lastname@example.org, or ask them during the webinar. We’re excited to have this opportunity to answer your questions and hear your feedback about Black Duck Hub. Register today.
Tim Mackey, Sr. Technology Evangelist, Black Duck; Bob Canaway, CMO, Black Duck
Today, open source drives technology and development, and its worldwide adoption ranges from companies with a single employee to large corporations like Microsoft and Apple. All of these organizations rely on open source to innovate, reduce development costs, and speed time to market. Recent research reports point out that open source comprises 80% to 90% of the code in a typical application. Our Open Source 360° survey provides an update on the rapid evolution of open source development, use and management.
The 2017 Open Source 360° survey was conducted through Black Duck’s Center for Open Source Research & Innovation (COSRI), focusing on four important areas of open source – usage, risk, contributions and governance/policies. Our respondents include input from new players, established leaders, and influencers across vertical markets and communities. This range of respondents drives broad industry awareness and discussions of these key issues.
Please join Technology Evangelist Tim Mackey (@timintech) and CMO Bob Canaway (@bobcanaway) to review the results from the Open Source 360 Survey. Please bring your questions!
Follow the conversation on Twitter, using the hashtag #OSS360.
Steven S. Fang Sr. Counsel Kastner Huggins Reddien Gravelle LLP; Phil Odence VP & General Manager Black Duck Software
In potential tech M&A transactions, both buyers and sellers are focused on the IP quality and security of the most valuable asset – software. Both are extremely important to the sellers, who are looking for the best price, and to acquirers, who want to ensure a future return on their investment.
During this webinar, open source experts from Black Duck and the Austin legal firm KHRG will discuss best practices as well as pitfalls to avoid to protect IP quality and security. The session will include:
- Security and license compliance issues to consider when using open source
- Best practices for ensuring ongoing management of open source licenses and security
- Latest trends in open source software use by developers
- Examples of how improper code management has impacted software acquisitions
- Anatomy of the M&A technical due diligence process and how best to prepare
Amy DeMartine, Forrester Principal Analyst; Patrick Carey, Black Duck
Open source software is the lifeblood of today’s enterprise applications, comprising 80%-90% of the code. However, open source use comes with significant security and IP risks that both enterprise and smaller organizations are ill-prepared to address.
As development teams increasingly automate the software development lifecycle (SDLC) through the use of agile DevOps tools and practices, the need to mitigate these risks through integration of Software Composition Analysis (SCA) into the DevOps tool chain has become critical.
In this 60-minute webinar, guest speaker, Forrester Principal Analyst Amy DeMartine, and Black Duck Director of Product Marketing Patrick Carey, will discuss findings from the recent report: The Forrester Wave™: Software Composition Analysis, Q1 2017 and why SCA should be a key part of your Secure DevOps strategy.
The discussion topics will include:
- Why you need a software composition analysis (SCA) solution
- How SCA solutions help you manage open source vulnerability, compliance, and component quality risks
- Criteria to consider when selecting an SCA solution
- Why it's important to integrate SCA into your automated DevOps environment
Pat Durante, Senior Director Education Services; John Beaudoin, Senior Instructional Designer
Please join us for the next Black Duck Customer Success Webinar and learn about the features and enhancements in the latest Hub release – version 3.6. It includes new usability and project management improvements as well as administration and integration enhancements.
- Leveraging the new Hub Reporting Database to programmatically access project, project version, component version, and component license data for custom data reporting and analysis.
- Taking advantage of the new Print View option which displays the Bill of Materials in a format suitable for easy printing or exporting.
- Adding subprojects to your Bill of Materials. For example, if you have projects used by other applications, you can add them to a BOM so that the BOM accurately reflects the elements in your application.
- Using the updated Hub 3.6 Scan Client to scan Docker Images. We’ve introduced a new script, bundled with the Hub Scanner, to scan your Docker images for open source.
Mike Pittenger, VP Security Strategy, Black Duck Software
Open source components are the foundation of today’s applications. Ineffective security and management of open source is pervasive.
That stark contrast marks Black Duck’s recently released 2017 Open Source Security and Risk Analysis (OSSRA), which is based on code audits of more than 1000 applications. Not surprisingly, 97% of the audited applications contained open source. Disturbingly, 67% of the applications contained known open source vulnerabilities.
In this webinar, Black Duck VP of Security Strategy Mike Pittenger will review the audit findings in depth and discuss strategies companies can use to minimize open source security risk while maximizing the economic and productivity value open source provides.
Phil Odence, Vice President & General Manager On-Demand Audits; Mike Pittenger, VP Security Strategy
Open source software use is ubiquitous worldwide, increasing the importance that M&A professionals understand the potential security, license compliance, and operational risks open source represents in today’s transactions.
This webinar will detail findings in a recent report issued by Black Duck’s Center for Open Source Research and Innovation (COSRI) showing that most M&A target organizations are not effective in securing and managing their open source.
Black Duck On-Demand audits hundreds of commercial code bases each year. The Open Source Security and Risk Analysis (OSSRA) will provide insight and results from over 1000 audits performed in 2016, including:
- The number, age and severity of vulnerabilities in the open source components
- The gap between the number of open source components used versus what the target company thought it was using
- The prevalence of open source components using licenses that could put IP at risk
Jim Markwith, Managing Partner at Symons Markwith LLP
Today’s rapidly changing technologies, including the proliferation of open source and the accelerating shift to the cloud, are increasing the use of outside experts for both application development and IT solutions. At the same time, IP security is top of mind worldwide. This presentation will look at ways organizations can outsource to meet their development needs and also address open source security and management risks before giving contractors access to their valuable technologies.
Jim Markwith is an experienced technology and corporate transactions attorney with over 20 years of experience. His clients range from start-ups to fortune 50 technology leaders, including computer software, on-line retail, and Healthcare IT product and service developers. Prior to private practice, Jim held Executive and Senior in-house legal positions with Microsoft, Adobe Systems, and Allscripts Healthcare. Jim received his J.D. degree from Santa Clara University School of Law, and is a member of the California, Washington, DC, and Washington State Bar Associations.
For more information on Jim, please click http://symonsmarkwith.com/jim-markwith. For questions about this presentation, or for more information on available legal support, please contact Jim at email@example.com.
Applications are the primary target for hackers with a staggering 84% of cybersecurity attacks focused on the application layer. Without effective tools to find and fix application security vulnerabilities, your organization is at risk. However, with lots of available tools – from Dynamic Analysis Security Testing (DAST) and Static Analysis Security Testing (SAST) to Open Source Security Vulnerability Management – selecting the right ones to ensure effective application security is a challenge.
This webinar will provide an overview of application security risks, the types of solutions available, and where each excels or falls short. You will learn how to assemble a comprehensive application security toolkit to help you stay secure throughout the software application development and management lifecycle.
Mark Radcliffe, DLA Piper; Bernd Siebers, DLA Piper, Phil Odence, Black Duck
The next wave of open source compliance challenges is upon us. Historically, enforcement has been a community based effort with an emphasis on “doing the right thing”. In recent years, however, we have seen the emergence of private enforcement and enforcement driven by entities and individuals for purposes of economic gain. In some cases these actions are to enforce legitimate interests arising from, for instance, dual licensing models. In other cases, copyright “trolls” are pressing an agenda. In this webinar, Mark Radcliffe and Bernd Siebers will review some of the current litigation trends, evaluate how the different elements of the open source community are reacting to these trends and offer insights and strategies for avoiding the cross-hairs. This includes taking a closer look at open source cases litigated in 2016 in Germany, including the following questions:
- Are we experiencing a shift in jurisprudence?
- What should users and developers of open source software do to protect themselves?
- What's the contribution of the open source community?
Bob Genshaft, Wolters Kluwer; Phil Odence, Black Duck Software
Companies are constantly seeking ways to ensure their application code is secure and effectively managed. For example, M&A acquirers conduct one-time code audits on companies they are buying to avoid legal, operational or security pitfalls. Other organizations are proactive, using an ongoing solution to make sure their application code is secure and well managed on a day-to-day basis. Increasingly, many companies are opting to use both approaches.
Join Bob Genshaft, Director Strategic Programs at Wolters Kluwer, and Black Duck's VP and General Manager On-Demand Audits Phil Odence for a discussion that will address key open source security and management questions:
· When is it appropriate to conduct an audit?
· When should your company consider an ongoing solution?
· What are the benefits of doing both?
Constantine Grancharov - IBM, Mike Pittenger - Black Duck Software
Enterprises face an array of application security challenges that impact their risk profiles, revenue streams, operational continuity, development agility and legal exposure.
What’s your plan of action when a security breach or critical vulnerability can’t be fixed quickly? How do you remediate application security issues with the least impact on operations and revenue, and what are the legal implications if you can’t? How do you effectively manage application security and maintain agility in a multi-stream, DevOps environment? And, do you really understand what your application security risk profile is?
Experts from IBM and Black Duck will address these questions in our webinar. We’ll also share the latest research and best practices that global organizations are using to minimize application security risks. You’ll learn:
- Innovative application security practices large enterprises use for DevOps and Continuous Integration environments
- Scalable approaches to designing application testing for different agile-development pipelines
- Best practices for minimizing the impact of security vulnerabilities when immediate fixes can’t be made.
Pat Durante, Senior Director Education Services; John Beaudoin, Senior Instructional Designer
Increasingly, organizations worldwide are implementing open source security and license risk assessment capabilities early in the software development lifecycle when the cost to remediate issues is lowest. This webinar will demonstrate Black Duck Hub’s effectiveness in providing comprehensive risk assessments when used in combination with our Eclipse IDE plugin, Build Tool, and CI Tool integrations. Additionally, we'll review valuable new features in Black Duck Hub 3.5.
You’ll also learn:
- How to improve the accuracy of your open source inventory by leverage open source dependency discovery techniques for build tools and package managers
- Options for incorporating Hub scanning into your Continuous Integration environments
- How to track remediation tasks using the Hub-Jira integration
- How to streamline your component review process
- Use cases for scanning binary repositories such as Artifactory
Karen Copenhaver, Partner, Choate Hall & Stewart/Counsel, Linux Foundation; Mark Radcliffe Partner, DLA Piper/Counsel OSI
This annual review will highlight the most significant legal developments related to open source software in 2016, including:
- Current litigation
- An open source security update
- Companies open sourcing their own code
- FCC banning open source in routers
Gain insights into these important legal developments from two of the leading open source legal experts, Karen Copenhaver, Partner at Choate Hall & Stewart and Counsel for the Linux Foundation, and Mark Radcliffe, Partner at DLA Piper and General Counsel for the Open Source Initiative.
Increase security effectiveness and maintain dev agility
Three certainties in 2017: organizations worldwide will continue to increase their use of open source software; new open source security vulnerabilities will be discovered; exploits of open source vulnerabilities will occur.
With dev teams under constant pressure to accelerate application delivery and with security resources often scarce, organizations need more effective ways to determine which open source vulnerabilities to fix first and the options available to reduce risk during remediation.
Join Black Duck VP of Security Strategy Mike Pittenger as he discusses strategies and emerging best practices for risk-ranking open source vulnerabilities. He will cover:
- the most important considerations in prioritizing open source security issues
- ways to determine the risk associated with a discovered open source vulnerability
- options for dealing with open source security vulnerabilities beyond simply replacing the component
Poonam Yadav, Product Manager, HPE Security Fortify; Mike Pittenger, VP of Security Strategy, Black Duck
Application security broke new ground in 2016. The shift to DevOps has driven the need for new technologies and different levels of integration across the development ecosystem. The focus is pulling all your organization’s technologies together and bring in products that easily and seamlessly fit into any environment, thereby further automating security while maintaining development agility. These enhancements deliver a more complete view of application-security health, making it possible to assess Static, Dynamic, Interactive and Open Source security in a single view.
Advancements have been made but as we’ve learned, application security is ever changing. New technology trends – container adoption, IoT, for example – mean new security considerations and AppSec innovation must continue in 2017.
In this webinar presented by experts from HPE Security Fortify and Black Duck, you'll learn about:
- The major AppSec advancements in 2016 and their impact on software security health
- New ways AppSec will evolve in the coming year, including the areas of remediation improvement and cloud integration, DevOps, and Continuous Integration
- Check list of AppSec best practices for your 2017 toolbox
Karen Copenhaver, Partner, Choate Hall & Stewart/Counsel, Linux Foundation; Mark Radcliffe Partner, DLA Piper/Counsel OSI
Despite open source software's long history - Linux just turned 25 - legal and risk questions about open source use still abound. Black Duck On-Demand Vice President & General Manager Phil Odence regularly fields open source-related questions as he speaks with tech executives and their counsel. Listen in as Phil goes through some of the most frequently asked questions and gets expert answers from Attorneys Karen Copenhaver and Mark Radcliffe. Both are well versed in the legal nuances of open source, and are able to turn their expertise into practical, actionable advice as they ably demonstrate in this webinar.
Pat Durante, Senior Director Education Services; John Beaudoin, Senior Instructional Designer; Dave Gruber, VP of Product
During our next customer webinar, we’ll share expert tips and best practices on how to extract maximum value from the latest features available in Black Duck Hub. The new integrations and features help improve both open source security and compliance. You’ll learn how to:
•Track remediation tasks using the new Hub-Jira integration
•Leverage new open source discovery techniques for Ruby Gems and Node.js as well as build integrations for Maven/Gradle to improve the accuracy of your open source inventory
•Customize your notices file so that all open source is properly attributed
•Leverage the new Hub-Email Extension to push notifications via email
•Incorporate Hub scanning into your Jenkins pipeline projects
Webcasts around application security and open source.
Organizations worldwide use Black Duck products to secure and manage open source software, eliminating pain related to open source security vulnerabilities and open source license compliance.You’ll learn:
• New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices.
• Best practices for designing and incorporating an automated approach to application security into your existing development environment.
• Future development and application security challenges organizations will face and what they can do to prepare.