
Litigating Open Source – Lessons learned from Hellwig and McHardy

The next wave of open source compliance challenges is upon us. Historically, enforcement has been a community-based effort with an emphasis on “doing the right thing”. In recent years, however, we have seen the emergence of private enforcement and enforcement driven by entities and individuals for purposes of economic gain. In some cases these actions are to enforce legitimate interests arising from, for instance, dual licensing models. In other cases, copyright “trolls” are pressing an agenda. In this webinar, Mark Radcliffe and Bernd Siebers will review some of the current litigation trends, evaluate how the different elements of the open source community are reacting to these trends and offer insights and strategies for avoiding the cross-hairs. This includes taking a closer look at open source cases litigated in 2016 in Germany, including the following questions:

- Are we experiencing a shift in jurisprudence?
- What should users and developers of open source software do to protect themselves?
- What's the contribution of the open source community?
Recorded Mar 23 2017 62 mins
Presented by
Mark Radcliffe, DLA Piper; Bernd Siebers, DLA Piper; Phil Odence, Black Duck
  • Time is Money - Interactive Application Security Testing at DevOps Speed Aug 19 2021 4:00 pm UTC 39 mins
    Scott Tolley, Application Security Specialist, Synopsys and Amit Sharma, Application Security Evangelist, Synopsys
    Would you like to find out more about Interactive Application Security Testing (IAST), a new category of AppSec born in the age of DevOps?

    Join Scott Tolley & Amit Sharma (Application Security Specialists) as they discuss how to bridge the gap from DevOps to DevSecOps, without slowing everything down.

    Agenda:
    Application Security trends and challenges in moving from DevOps to DevSecOps
    Introducing IAST and Seeker
    Product Demonstration
    Q&A - come prepared with your questions and we’ll answer live on the webinar.
  • What You Need to Know about Software Due Diligence Jun 23 2021 4:00 pm UTC 61 mins
    Phil Odence, GM Black Duck Audits, Synopsys
    There’s risk in any M&A transaction but having the right software due diligence approach can help mitigate that risk. If software is a large part of the deal, understanding the legal, security, code and design quality risks in the target’s codebase is key. Do you know the right questions to ask?

    Join this live Synopsys webinar to create or tweak your due diligence playbook. We’ll cover:

    • Understanding the software due diligence landscape
    • The risks to look out for (and why)
    • What questions to ask in the process
    • How to choose the right audit partner

    Don’t miss this informative webinar. Register today!
  • Managing open source security risk: Lessons from the 2021 OSSRA report Jun 17 2021 4:00 pm UTC 60 mins
    Mike McGuire, Product Marketing Manager at Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and sixty percent contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this live Synopsys webinar as we explore the findings of our 2021 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

    • What it means to manage your open source usage
    • Why you need an accurate inventory of open source components
    • How to prioritize the vulnerabilities to fix
    • Where to integrate testing into your SDLC

    Don’t miss this informative webinar. Register today.
  • Financial Services Study Shows Why Investing in AppSec Matters Jun 17 2021 3:00 pm UTC 34 mins
    Drew Kilbourne and Larry Ponemon
    If you’re a provider of financial services, then client trust, privacy, and risk management are critical to your success. Therefore, you must protect your organization’s sensitive data from cyber attacks and data breaches. A recent survey of current software security practices in the financial services industry explores the industry’s software security posture and its ability to address security-related issues.

    In this webinar, Drew Kilbourne, managing director, Synopsys, and Larry Ponemon, chairman, Ponemon Institute, will review findings from the report and discuss what they mean for the industry at large. Here’s a preview of some key findings:

    - 56% of organizations had experienced an attack resulting in system failure and downtime.
    - 74% were concerned about security vulnerabilities introduced by third-party suppliers, but less than 43% said they require third parties to adhere to cyber security requirements.
    - Only 34% of financial applications are tested for vulnerabilities, and only 25% of respondents were confident in their ability to detect vulnerabilities before going to market.
  • The Evolution of IAST: Building Security Into Testing Jun 10 2021 4:00 pm UTC 56 mins
    Featuring Sandy Carielli, Principal Analyst, Forrester & Kimm Yeo, Product Marketing Manager, Synopsys
    Interactive application security testing (IAST) is evolving quickly to become a key DevSecOps tool used to build continuous application security into today’s modern but increasingly complex software ecosystem.

    There’s a growing demand for and shift toward complex composite-based apps, but they involve multiple dev teams as well as new technologies such as microservices, serverless, containers, and mixed deployment approaches (cloud, containers). How do you secure your web, cloud, and microservices applications? How do you balance the speed, quality, and innovation that your customers are demanding today?

    Join this live Synopsys webinar to learn why organizations are looking into alternative dynamic security testing solutions, and why next-generation tools such as IAST are here to stay. In this webinar, learn about:

    • Trends in the latest Forrester IAST survey data
    • Developments in continuous testing, test automation, and DevSecOps
    • The role of IAST in testing and reporting

    Don’t miss this informative webinar. Register today.
  • The Security of Applications Supporting the New Remote Lifestyle May 26 2021 6:00 pm UTC 49 mins
    Mike McGuire, Product Marketing Manager, Synopsys; Lisa Bryngelson, Senior Product Manager, Synopsys
    With very little preparation, society was forced to move online as social distancing and shutdown mandates were implemented in an attempt to slow the spread of COVID-19. Numerous parts of our lives that we were accustomed to doing in the physical world are now done virtually—changing the way we work, learn, and interact. As a result, we all developed an increased reliance on mobile applications.

    Using Black Duck® Binary Analysis, Synopsys set out to analyze the security of the most popular Android applications in categories experiencing significant growth throughout the pandemic. Join this live webinar to learn:

    • Which apps were analyzed and the analysis methods used
    • Noteworthy security findings
    • What the findings mean for app developers and consumers alike
  • Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down May 26 2021 5:00 pm UTC 60 mins
    Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research
    Integrating security testing into continuous integration / continuous delivery or deployment (CI/CD) pipelines requires integrating tool scans for static application security testing (SAST), dynamic application security testing (DAST), or software composition analysis (SCA), which are each performed at different stages of the CI/CD pipeline. These tools each have their own strengths and weaknesses and are complementary to each other. But how long each tool takes to complete a scan affects how often and when they are deployed into a staging or production environment.

    A recent paper by 451 Research shows that production web applications are expected to be largely free of security defects, and the pressures of keeping up with release cycles that deploy more frequently have compelled information security and development teams to better collaborate. Synopsys addresses those challenges with Intelligent Orchestration.

    In this webinar, you’ll learn:

    Why legacy CI/CD approaches can’t keep up with the speed of DevOps
    How Synopsys Intelligent Orchestration:
    - Helps break down silos and leverages a dedicated pipeline that automatically runs the right security tools at the right time
    - Triggers manual testing activities based on software development life cycle events and predefined policies, while also providing continuous metrics and feedback
    - Enables security teams to automate security gates and enforce policies for all applications across their organization, at enterprise scale
  • The Security of Applications Supporting the New Remote Lifestyle May 26 2021 9:00 am UTC 49 mins
    Mike McGuire, Product Marketing Manager, Synopsys; Lisa Bryngelson, Senior Product Manager, Synopsys
    With very little preparation, society was forced to move online as social distancing and shutdown mandates were implemented in an attempt to slow the spread of COVID-19. Numerous parts of our lives that we were accustomed to doing in the physical world are now done virtually—changing the way we work, learn, and interact. As a result, we all developed an increased reliance on mobile applications.

    Using Black Duck® Binary Analysis, Synopsys set out to analyze the security of the most popular Android applications in categories experiencing significant growth throughout the pandemic. Join this live webinar to learn:

    • Which apps were analyzed and the analysis methods used
    • Noteworthy security findings
    • What the findings mean for app developers and consumers alike
  • Is IAST the Next Big Thing in AppSec? May 20 2021 4:00 pm UTC 60 mins
    Kimm Yeo & Eugene Pakhomov, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this live Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices, APIs and more
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
  • Why Design Quality Matters in Software Due Diligence May 19 2021 4:00 pm UTC 60 mins
    Ashwin Ala, Professional Services Consultant & Phil Odence, GM, Black Duck Audits at Synopsys
    Design quality audits are often overlooked in software due diligence, but understanding the overall health of a company’s software system is vital to reducing technical debt. Acquiring poorly designed or coded software can have long-term impacts on the viability of the software.

    Join this live Synopsys webinar to learn why having a complete picture of code structure will impact future development. We’ll cover:

    • The importance of design quality
    • Factors to assess during software due diligence
    • Benefits of a design quality audit

    Don’t miss this informative webinar. Register today.
  • 2021 OSSRA Report: Open Source Trends, Risks & Management May 12 2021 4:00 am UTC 58 mins
    Tim Mackey, Principal Security Strategist, Synopsys
    The 2021 Open Source Security and Risk Analysis report (OSSRA) looks at the state of open source use in over 1,250 distinct applications created by organizations in 17 industries. The use of open source continues to grow and businesses of all sizes are now powered by open source software. If left unmanaged, open source may introduce security, quality, and license compliance risks. Are you ready to take control of your open source?

    Join us for this live Synopsys webinar to get a look at our 2021 report results and learn how teams can use the data to inform their overall open source governance plans. We’ll cover:

    • Why open source governance matters
    • The latest trends in open source usage
    • Open source management strategies

    Don’t miss this informative webinar. Register today.
  • Integrating Fuzz Testing into the Cybersecurity Validation Strategy May 11 2021 8:00 am UTC 60 mins
    Dennis Kengo Oka, Principal Automotive Security Strategist, Synopsys & Nico Vinzenz, Security and Connectivity, ZF Group
    Automotive systems are becoming increasingly complex and interconnected, and that makes them more vulnerable to cyber attacks. That's why modern cyber security tools and processes are vital to finding and fixing these vulnerabilities. In this presentation learn about:

    * The automotive cyber security engineering processes 
    * How fuzz testing helps improve product security 
    * An updated cyber security engineering process
  • Part 4: Automate the Initiation and Management of Out-of-Band AppSec Activities Recorded: May 5 2021 54 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    The final part in the webinar series provides real-world guidance on how to balance application security activities, including both those that are automated and run inline in your CI/CD pipelines, and the out-of-band activities that are traditionally executed manually. Implementing security gates at strategic places in the CI/CD pipeline to break the build when critical and high vulnerabilities are found keeps teams informed and reduces communication overhead. Just as there must be continuous integration, continuous delivery, and continuous deployment, there also must be continuous collaboration, and continuous communication across development, security, and operations teams.
  • A Practical Discussion on Open Source and M&A Due Diligence Recorded: Apr 30 2021 53 mins
    Panel hosted by Anthony Decicco, GTC Law Group & Affiliates
    From FLIGHT Europe... Open source software is everywhere and it is increasingly difficult to realize the full value of open source software, while managing the related compliance, security and other risks, which may have a significant impact on day-to-day operations and exit events (including M&A and IPOs), investment rounds and customer agreements. Join industry experts for a discussion of these topics from the points of view of buyers/investors, sellers/investees and trusted outside technical and legal advisors, with a focus on practical advice and what you should be doing now.
  • Remediating Open Source Software Issues Recorded: Apr 29 2021 52 mins
    Jari Koivisto, Open Source Due Diligence Consultant
    From FLIGHT Europe... Let’s assume that you have had an internal or external software composition analysis, i.e., code scan & audit done. There can be hundreds or thousands of line items in the audit report and you need to think about how to proceed with these license compliance issues.

    In this session, you will learn some strategies for how to mitigate typical open source issues found in the code audit. All of these ideas and strategies come from real life examples I have seen in the audits that were conducted for M&A projects.
  • Ask the Licensing Expert with Miriam Ballhausen Recorded: Apr 29 2021 52 mins
    Miriam Ballhausen, Counsel, Bird & Bird and Matt Jacobs, Director, Legal Counsel, Synopsys
    Get your open source licensing questions answered. Miriam Ballhausen is a software, data protection and copyright lawyer. Her particular experience is in advising on complex IT projects, as well as on collaborative software development, open source programs and the GDPR.
    Working as a Counsel in Bird&Bird’s Technology and Communications Sector Group as well as the Commercial and Privacy and Data Protection Practice Groups, she offers years of expertise in drafting, negotiating and advising on all types of 'classic' IT contracts, software licensing and data protection. She particularly focuses on advising on all legal and commercial matters in connection with open source software, including enforcement actions. Her clients range from leading IT and technology-driven companies to global financial institutions, mid-tier global tech leaders and innovative tech start-ups.
  • Open Source Risk in M&A by the Numbers Recorded: Apr 28 2021 60 mins
    Phil Odence, GM, Black Duck Audits at Synopsys
    In over 1,500 codebases audited in 2020, Black Duck Audits found that nearly every one contained open source components. Not only that, but a significant percentage of “proprietary code” overall was open source. However, left unmanaged, open source can lead to license compliance issues plus security and code quality risks. Whether you’re on the buy side or sell side, these risks could negatively affect valuation in an M&A transaction.

    Many acquirers have come to understand all this in concept; the Black Duck Audit Services group has the data. Join us for this webinar as we answer questions about the code of tech companies being acquired today. We’ll cover:

    • Open source license and security risks by the numbers
    • Why audits have become the norm in M&A tech due diligence
    • How you can get a complete picture of open source risks

    Don’t miss this informative webinar. Register today.
  • 2021 OSSRA Report: Open Source Trends, Risks & Management Recorded: Apr 21 2021 59 mins
    Tim Mackey, Principal Security Strategist, Synopsys
    The 2021 Open Source Security and Risk Analysis report (OSSRA) looks at the state of open source use in over 1,250 distinct applications created by organizations in 17 industries. The use of open source continues to grow and businesses of all sizes are now powered by open source software. If left unmanaged, open source may introduce security, quality, and license compliance risks. Are you ready to take control of your open source?

    Join us for this live Synopsys webinar to get a look at our 2021 report results and learn how teams can use the data to inform their overall open source governance plans. We’ll cover:

    • Why open source governance matters
    • The latest trends in open source usage
    • Open source management strategies

    Don’t miss this informative webinar. Register today.
  • Shifting Left to Accelerate Security Approvals for ATOs in Defense Programs Recorded: Apr 20 2021 56 mins
    Joe Jarzombek, Director for Government & Critical Infrastructure Programs
    Demands for more secure software and more rapid application development have led to the emergence of risk-based DevSecOps, which adds security activities, increases depth, and improves testing governance. The best strategy is to shift from a reactive to a proactive security approach that injects security at the right time and place with automated continuous testing. Arming developers with proven application security tools integrated within their supporting CI/CD toolchains reduces the time and effort needed to achieve authorization for changes in software to operate on a DOD network or weapon system. Key technologies such as static application security testing (SAST) and software composition analysis (SCA) help developers deliver high-quality and more secure codebases in the front end of the pipeline. Mitigating technical debt early in the software development life cycle (SDLC) provides significant cost savings while accelerating the delivery of more secure software.

    Join Joe Jarzombek (USAF Lt. Col., retired) as he discusses means for successfully scaling responsiveness with a secure SDLC. He will cover how:

    • Automated continuous testing can be used throughout the SDLC
    • Catching security defects at the desktop can be like using a spell-checker to drive savings while rapidly mitigating risks attributable to exploitable software
    • Developer productivity can provide more time for creating new features rather than fixing newly entered issues

    Don’t miss this informative webinar. Register today.
  • Lunch and Learn Part 3: Reduce the Burden on Developers With Automation Recorded: Apr 15 2021 53 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    Developers are often taught to emphasize functionality over security, and many developers aren’t security experts. For this reason, it’s crucial to ensure they stay aware of the risks of vulnerable code. But training materials are often static and inconvenient to access, using the internet for guidance isn’t consistent or reliable, and remediation advice from tools isn’t necessarily project-aware or product-specific. And unfortunately, security experts are often seen as an impediment to business goals, and they may not be experienced developers. The third part of the webinar series covers developer enablement and avoiding defect management overload.
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

  • Title: Litigating Open Source – Lessons learned from Hellwig and McHardy
  • Live at: Mar 23 2017 3:30 pm
  • Presented by: Mark Radcliffe, DLA Piper; Bernd Siebers, DLA Piper, Phil Odence, Black Duck