
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck

Open source software is an integral part of today’s technology ecosystem, powering everything from enterprise and mobile applications to cloud computing, containers and the Internet of Things.
 
While open source offers attractive economic and productivity benefits for application development, it also presents organizations with significant security challenges. Every year, thousands of new open source security vulnerabilities – such as Heartbleed, Venom and Shellshock – are reported. Unfortunately, many organizations lack visibility into and control of their open source. Addressing this challenge is vital for ensuring security in applications and containers.
 
Whether you’re building software for customers or for internal use, the majority of the code is likely open source and securing it is no easy task. In this session, you’ll learn about:

• The evolving DevOps and software security assurance lifecycle in the age of open source
• The software security considerations CISOs, security, and development teams must address when using open source
• An automated approach to identifying vulnerabilities and managing software security assurance for custom and open source code.
Recorded Aug 11 2016 42 mins
Presented by
Michael Right, Senior Product Manager, HPE Security Fortify; Mike Pittenger, VP of Security Strategy, Black Duck
  • Open Source Risk in M&A by the Numbers Apr 11 2019 4:00 pm UTC 60 mins
    Phil Odence, General Manager, Black Duck On-Demand
    In over 1000 code bases audited in 2018, Black Duck found that nearly every one contained open source components. Not only that, but a significant % of “proprietary code” overall was open source. Virtually every company building software is now depending on open source, and with great reason. However, left unmanaged, open source can lead to license compliance issues plus security and code quality risks. Whether you’re on the buy side or sell side, these risks could negatively affect valuation in an M&A transaction.

    Many acquirers have come to understand all this in concept; Black Duck has the data. Join us for this webinar as we answer questions about the code of tech companies being acquired today. We’ll cover:


    • Open source license and security risks by the numbers
    • Why audits have become the norm in M&A tech due diligence
    • How you can get a complete picture of open source risks

    Don’t miss this informational webinar – register today.
  • Understanding Open Source – Strengths and Challenges for Enterprise users Apr 11 2019 5:30 am UTC 90 mins
    Balaji Bhardwaj, Senior Security Engineer, Synopsys Software Integrity Group
    Open source usage has increased steadily over the years, and so has the volume of open source content, which has seen exponential release. The strength of open source is attributed to its growing adoption in enterprise applications.

    In our 11th April 2019 webinar, Balaji Bhardwaj, Senior Security Engineer, Synopsys Software Integrity Group, will provide insights into the following:
    • Usage trends of Open Source
    • How large enterprise users understand risks associated with using Open Source
    • Methodologies derived to mitigate Open Source risks and issues
    • Is Open Source an enabler or a liability
  • Introducing the Polaris Software Integrity Platform Apr 3 2019 4:00 pm UTC 60 mins
    Utsav Sanghani, Sr. Product Manager; Neal Goldman, Sr. Product Manager; James Croall, Product Management Director
    The Product Team at Synopsys is excited to introduce the Polaris Software Integrity Platform™, which brings the power of Synopsys Software Integrity products and services together into an integrated solution that enables security and development teams to build secure, high-quality software faster. Polaris uses a SaaS delivery model and provides a centralized web-based user interface for Synopsys products and services—ensuring quick deployment and a unified user experience across Synopsys solutions.

    Polaris includes Code Sight™, our new IDE plugin that automatically and continuously analyzes code as it’s being written—allowing developers to focus on their tasks at hand without needing to initiate scans or leave the IDE for security information.

    By unifying our market-leading solutions on a single platform, Polaris simplifies the deployment and operation of application security tools, so teams can quickly prioritize and remove exploitable software vulnerabilities across their application portfolio. In this webinar, you’ll learn:

    - How Polaris empowers DevOps managers with easy-to-use, automated CI/CD integrations
    - How Code Sight provides the real-time feedback developers need to fix their code quickly, as they write it
    - How Polaris’ extensible, cross-product reporting capabilities help security practitioners prioritize security issues and measure compliance across their application portfolio
  • Top Considerations for Software Audits in M&A Due Diligence Mar 21 2019 4:00 pm UTC 60 mins
    Phil Odence, Synopsys
    There is risk in any M&A transaction but having the right tech due diligence approach can help mitigate those risks. If software is a large part of the deal valuation, you need to understand any potential legal and security risks in the target’s codebase that could affect the value of the IP, and the remediation required to address those risks.

    Join Phil Odence, General Manager of Black Duck On-Demand with Synopsys, to take a closer look at how you can identify and reduce risks in M&A tech due diligence. He’ll cover the following points and more:

    • Application Risks: What’s in the code
    • Taking a comprehensive approach to security audits
    • Choosing the right partner for audits

    Don’t miss this informational webinar. Register today!
  • Master Class: Life Cycle of an Open Source Vulnerability Mar 13 2019 4:00 pm UTC 60 mins
    Tim Mackey, Sr. Technology Evangelist, Synopsys SIG
    The world of software development has firmly adopted open source development paradigms. Regardless of the type of application you’re developing, it’s safe to say that open source is a key part of your solution—whether you wanted it to be or not. Similarly, developers deal with security issues in their code throughout the development cycle, but most don’t think about how open source components affect the security of their end product. In this master class, we’ll look at how open source development works, how open source components are embedded in solutions, and how an open source vulnerability is both disclosed and patched. After all, while open source software is just as secure as its commercial cousins, the security disclosure processes for the two types of software are far from the same!
  • Security at the Speed of Development Feb 28 2019 5:00 pm UTC 60 mins
    Andrei Bezdedeanu, VP of Engineering, CYBRIC & Dave Meurer, Alliances Technical Manager, Synopsys
    Moving to cloud-native development is no less transformative than were moves from client/server to web, or from browsers to mobile devices. The software life cycle has changed, and along with it, the cadence of development and the tools on which that life cycle depends. The best security tools have required a lot of hand-holding to accomplish their thorough analyses.

    In this webinar, we’ll discuss recent advancements in best-of-breed security tools (such as composition analysis and vulnerability discovery) that allow organizations to scale their use to a portfolio of software without an army of staff. We’ll discuss how test orchestration and vulnerability management platforms allow CISOs to package these tools as “software security in a box” and deploy them seamlessly to brownfield development teams maintaining large business-critical software, as well as those tiger teams conducting digital transformation in a hybrid or multicloud world.

    Key topic areas:
    * Coverity 2018.12
    * Seeker
    * Black Duck, now with binary support
    * CYBRIC Security Platform
  • Shifting Gears: Focus on Cybersecurity Feb 27 2019 6:00 pm UTC 60 mins
    Larry Ponemon, Founder, Ponemon Institute; Tim Weisenberger, PM, SAE; Chris Clark, Principal Security Engineer, Synopsys
    Today’s vehicle is a connected, mobile computer, a situation that has introduced an issue the automotive industry has limited experience dealing with: cybersecurity risk. Automotive manufacturers have become as much software companies as they are transportation companies, facing all the challenges inherent to software security.

    In this webinar, Synopsys and SAE International experts will discuss key findings from the report Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices, including these:
    - The automotive industry has insufficient cybersecurity resources and skills.
    - Some of those most knowledgeable about automotive cybersecurity feel powerless to voice their concerns.
    - Automotive cybersecurity testing may be occurring too late in the product development life cycle.

    We will also discuss how SAE International and Synopsys can help lead the industry in planning cybersecurity strategy and generating solutions using the data points collected in the survey.

    Topics covered include:
    - Survey methodology
    - Industry standards
    - Best practices
    - Professional development
    - Security controls
  • Building a Culture of Secure Programming in your Organisation Recorded: Feb 20 2019 70 mins
    Amanvir Sangha, Consultant, Synopsys
    We all know that fixing defects early in the SDLC is the right approach to building secure software. Security needs to be in every part of the pipeline, but it’s often hard to get everybody on board with software security initiatives.

    Come join us on this webinar to explore how to build a culture of proactive secure programming in your technical organization and how to implement security as an enabler without disrupting the velocity of projects in modern development teams. See how Synopsys tools and services can allow you to build secure, reliable and quality software.
  • Polaris Software Integrity Platform Partner Webinar Recorded: Feb 19 2019 41 mins
    Neal Goldman
    The Polaris Software Integrity Platform™ brings the power of Synopsys Software Integrity products and services together into an integrated solution that enables security and development teams to build secure, high-quality software faster. Polaris comes as a subscription entitlement with Coverity as well as Black Duck, Seeker and Managed Services. Polaris allows customers to start with a single SIG product subscription (e.g. Coverity) and seamlessly add other products as needed, by providing a unified user experience and deployment architecture.

    In this Partner-focused webinar, Neal Goldman, Product Manager of Polaris, will provide an overview of the Polaris Platform and its unique value to our Partners as an Ecosystem Platform. Neal will discuss how Polaris provides a common integration framework for the SIG portfolio, allowing our Application Development, Cloud, Vulnerability Management, and Global System Integrator partners ease of integration into their products and processes. Neal will also discuss how our Partners’ existing integrations into SIG products will continue to be supported and how they will interact with the Polaris platform.
  • The 2018 Open Source Year in Review Recorded: Feb 6 2019 59 mins
    Mark Radcliffe, Partner at DLA Piper & Tony Decicco, Shareholder, GTC Law Group & Affiliates & Phil Odence, GM, Synopsys
    Gain insights into important legal developments from two of the leading open source legal experts: Mark Radcliffe, Partner at DLA Piper and General Counsel for the Open Source Initiative, and Tony Decicco, Shareholder at GTC Law Group & Affiliates.

    This annual review will highlight the most significant legal developments related to open source software in 2018, including:

    • The rising importance of data and licensing considerations
    • Business model problems and the proposed solutions (RedisLabs and MongoDB)
    • Dangerous Legal Theories: core developers as fiduciaries
    • OSS vs. SSO: clash of models
    • Return of Linux patent troll: McHardy
    • The need to extend the scope of an audit to cover web services/APIs
    • The changing tide in open source license adoption
    • Big open source transactions
    • And more

    Live attendees will earn CLE credit for this webinar. Don’t miss out – register today.

    CLE:
    DLA Piper LLP (US) has been certified by the State Bar of California, the Board on Continuing Legal Education of the Supreme Court of New Jersey, and the New York State Continuing Legal Education Board as an accredited CLE provider. The following CLE credit is being sought:
    • California: 1.0 Credit (1.0 General, 0.0 Ethics)
    • New Jersey: 1.2 Credits (1.2 General, 0.0 Professional Responsibility)
    • New York: 1.0 Transitional & Non-Transitional Credit (1.0 Professional Practice, 0.0 Ethics and Professionalism)
    CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, Pennsylvania, and Puerto Rico.
  • Meeting Enterprise AppSec Needs With Coverity 2018.12 Recorded: Jan 31 2019 51 mins
    Yatin Patil, Product Management, Coverity
    As organizations come to rely heavily on software to perform critical business functions and deliver customer value, cyberattacks have unfortunately become common. Web application attacks were responsible for 38% of data breaches in 2018. Securing these applications is critical to promote customer trust, protect business critical information and the company’s reputation. Fixing vulnerabilities before applications are deployed isn’t just smart, it saves downstream costs too.

    Modern web applications are increasingly reliant on frameworks that simplify the application code but can introduce their own vulnerabilities. In this webinar we discuss how the Coverity 2018.12 release enables organizations to build secure web applications faster. The latest release addresses three increasingly important needs for enterprise application security teams: scalability, broad language and framework support, and comprehensive vulnerability analysis. Building upon its historic advantages in deep, accurate code analysis, Coverity 2018.12 greatly expands upon its coverage of web languages and popular frameworks and makes it fast and easy to analyze applications. The result is applications that are inherently more secure before they are deployed into production.

    In this webinar, Yatin Patil, Senior Product Manager for Coverity, will cover:
    • Importance of application security testing
    • Enterprise application security best practices
    • What a SAST solution needs to provide
    • Newest features of Coverity 2018.12
  • Managing the Business Risks of Open Source Recorded: Jan 24 2019 61 mins
    Scott Crawford, Research Director for Information Security, 451 Research & Phil Odence, GM, Black Duck by Synopsys
    It’s no secret that “software is eating the world,” as Marc Andreessen once described—and it’s taking entire development communities to support it. Recently, open source has become a primary contributor to software found in the enterprise. According to a 2018 report from the Synopsys Center for Open Source Research & Innovation, the average percentage of open source in codebases examined in Black Duck audits has increased to 57% from only 36% the previous year. But open source isn’t risk-free—and the implications can have a direct impact on the business.

    Join Scott Crawford, research director for information security with 451 Research, and Phil Odence, general manager of Black Duck On-Demand with Synopsys, to take a closer look at open source risks and the ways that businesses can better evaluate and mitigate them. They’ll cover the following points and more:

    • One of the highest-profile breaches of 2017 was the result of a widely exposed vulnerability in a popular open source application component, exposing millions of personal financial records—and costing business leaders their jobs.
    • In just the last few weeks, the implicit trust on which the open source ecosystem is based has been exploited to steal tangible assets.
    • What’s the real cost of a data breach? In at least one highly visible case, a breach reduced the dollar value of an acquisition by hundreds of millions. As business dependence on open source grows, so too does business exposure.
    • And of course, compliance with open source licenses remains a concern.

    Getting a handle on taming these threats to the business requires an approach that fits with the central role open source plays in the fast-moving world of continuous innovation.
  • Cyber Risk Management Recorded: Jan 23 2019 50 mins
    Per-Olof Persson
    See how Synopsys started the software security journey and is taking an active role in providing industry expertise to help organizations deliver robust software security solutions. We will focus on identifying cyber risks and equip you with solutions to overcome security issues. If you want more than our Q&A at the end of the webinar, visit us in Copenhagen, Denmark. Synopsys will be hosting the Copenhagen Security Symposium at the Carlsberg Museum on 6th February 2019.
  • APAC - Building Security In Maturity Model (BSIMM9): Here’s What’s New! Recorded: Jan 10 2019 40 mins
    Olli Jarva, APAC Managing Consultant, Synopsys Software Integrity Group
    The Building Security In Maturity Model (BSIMM) is a study of existing software security initiatives (SSIs) and provides a way to assess the current state of your software security initiative, identify gaps, prioritize change, and determine how and where to apply resources for immediate improvement. In this webinar, Olli Jarva, Managing Consultant, Synopsys Software Integrity Group, will give an introduction to BSIMM and how organizations can use it before diving into the changes observed in the latest version 9.
  • Black Duck Security Advisories (BDSA): Enhanced Vulnerability Data Recorded: Jan 7 2019 35 mins
    Jeff Michael, Senior Product Manager for Black Duck by Synopsys
    Black Duck Security Advisories (BDSA) has been receiving great reviews from customers. Come learn about the great advantages of BDSA, migrating to BDSA, and have all your questions answered by Jeff Michael.
  • Black Duck Audit Reporting: The Next Generation Recorded: Dec 18 2018 45 mins
    Emmanuel Tournier, Sr. Manager, Black Duck On-Demand and Phil Odence, GM – Black Duck On-Demand at Synopsys
    You won’t want to miss this webinar if you have received Black Duck audit reports and anticipate more in the future.

    Black Duck by Synopsys constantly strives to improve our offerings and reporting capabilities. We’ve expanded the range of our audit offerings, and by the first of the year, we’ll be rolling out a new set of reports and a new process for sharing them. Join us for a preview of the new reports and process. Black Duck On-Demand’s Phil Odence and Emmanuel Tournier will demonstrate how we have combined customers’ ideas with the best elements of our reporting to develop new reporting technology and processes designed to make reviewing audit results easier, more insightful, and more productive.
  • Beyond Open Source Compliance: Security in M&A Due Diligence Recorded: Dec 12 2018 30 mins
    Nabil Hannan, Managing Principal, Synopsys
    The headline of a Wall Street Journal article from March read “Due Diligence on Cybersecurity Becomes Bigger Factor in M&A.” In April, Gartner reported, “Cybersecurity is Critical to the M&A Due Diligence Process.” Companies that invest in open source license compliance as part of diligence are starting to dive more deeply into security issues.
     
    A first step in assessing the security of software assets is looking at known vulnerabilities in open source components. But now, as part of the Synopsys Software Integrity Group, Black Duck can bring much broader capabilities to bear to analyze the overall security of code assets, including proprietary code.
     
    This webinar will discuss application security issues at a high level and the security services that you can include with a due diligence audit.
  • Secure Your Containers With GitHub and Synopsys Recorded: Nov 6 2018 52 mins
    Bryan Cross, Sr. Solutions Engineer, GitHub; Dave Meurer, Partner Solution Architect, Black Duck by Synopsys
    In April, Synopsys and GitHub spoke about adding “Sec” to DevOps by using solutions that don’t sacrifice speed or agility. Most of the discussion focused on software composition analysis for applications. But DevOps organizations are increasingly adopting container technologies. Do our solutions have what it takes to properly secure the code found in every layer of a container image?

    The answer is yes. With GitHub and Synopsys solutions, you can ensure the code in your containers is secure—from the code you write, to the open source you depend on, and to the operating system components that come with the container. In this live webinar, experts from Synopsys and GitHub will demonstrate solutions that can help keep your container contents secure. Some highlights:

    - The application security tool landscape, and when and where to run these tools
    - Linux component vulnerabilities vs. application component vulnerabilities
    - Demo: GitHub repo to a running container
    - Black Duck CoPilot: It’s free!
  • BSIMM9: Here’s What’s New! Recorded: Oct 25 2018 47 mins
    Mike Ware, Managing Principal, Synopsys
    In early October, we released the latest version of the BSIMM report, BSIMM9. While many things about the report haven’t changed much, it’s the new things that make it really exciting. Mike Ware will give a quick recap of the BSIMM and how organizations can use it before diving into the changes observed in BSIMM9, including these:
    - The incorporation of three new cloud-related activities and what that says about AppSec
    - The addition of retail as a stand-alone vertical
    - The growth in the number of security and developer resources
  • Black Duck 5.0 - Newest Customer Driven Features Recorded: Oct 24 2018 54 mins
    Jeff Michael, Hal Hearst, and Lisa Bryngelson, Senior Product Managers for Black Duck by Synopsys
    Join us to hear about our exciting new features and functionalities in 5.0. Features requested by you, our customers! Our senior project management team, Jeff Michael, Hal Hearst, and Lisa Bryngelson, will cover the latest features and leave plenty of time to answer your questions. In this webinar, we will discuss:

    - Black Duck Binary Analysis
    - Enhanced component management
    - Operational risk policy rules
    - API improvements
    - Infrastructure improvements
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

  • Title: Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
  • Live at: Aug 11 2016 3:00 pm
  • Presented by: Michael Right, Senior Product Manager, HPE Security Fortify; Mike Pittenger, VP of Security Strategy, Black Duck