GDPR and Open Source: Best Practices for Security and Data Protection

Legislators in Europe continue to expand the scope of the laws governing information security and personal data protection. As a result, organizations serving consumers and businesses in the region need to understand the implications these laws will have on their use of open source to build software applications.

During this educational webinar led by Dan Hedley, Partner, IT and Commercial from Irwin Mitchell, we’ll provide guidance on the General Data Protection Regulation (GDPR) and why a comprehensive approach to open source security management is essential for GDPR observance. In addition, we’ll review open source management best practices in context of other industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation.
Recorded Jul 25 2017 60 mins
Presented by
Daniel Hedley, Partner, Irwin Mitchell; Matt Jacobs, VP and General Counsel, Black Duck Software
  • Are You Acquiring the Next Big Breach? Security Vulnerabilities & M&A Apr 16 2020 4:00 pm UTC 60 mins
    Hal Hearst, Synopsys; Phil Odence, Synopsys
    Software contains vulnerabilities and if you’re acquiring a company where software is a big part of the deal, you should understand if there is anything in that software that can be exploited.

    Join this live webinar to learn why security is a key piece of tech due diligence and the way your audit vendor manages their security data matters. We’ll cover:

    • Why due diligence has moved beyond license compliance
    • How you (and your vendor) can get a more in-depth view of your vulnerabilities
    • Strategies for understanding your security risks

    Don’t miss this informative webinar. Register today.
  • Why SAST and SCA Together Are Better, Faster, Stronger Mar 25 2020 5:00 pm UTC 60 mins
    Utsav Sanghani, Senior Product Manager, Staff, Synopsys
    Static application security testing (SAST) is critical for uncovering and eliminating issues in proprietary code. However, over 60% of the code in an average application today is composed of open source components. SAST isn’t designed to find open source vulnerabilities (CVEs) or identify open source licenses. And manually maintaining a repository of approved open source components for developers is inefficient and time consuming. That’s where software composition analysis (SCA) comes in.

    Join Utsav Sanghani, product manager, as he explores the benefits of bringing SAST and SCA together. He’ll explain why using an SCA tool to scan open source dependencies is as imperative to a software development strategy as using SAST to test proprietary code. He’ll also demonstrate how developers, by combining SAST and SCA analysis in the IDE, can address issues holistically as they code, saving time and increasing productivity so they can deliver secure, high-quality software faster.
  • Why Lawyers Should Care About Open Source Security in M&A Due Diligence Mar 18 2020 4:00 pm UTC 60 mins
    Matt Jacobs, Synopsys; Jacob Ewers, Synopsys
    As part of the M&A due diligence process, lawyers seek to understand the license compliance risks that come with the use of open source. But what about open source security vulnerabilities that could be lurking in the code being acquired? Minimizing risk and exposure is the name of the game.

    Join this live webinar to learn why an open source security review should be part of every due diligence transaction. We’ll cover:

    • How the audit landscape has shifted to include security
    • The types of security vulnerabilities that can keep you up at night
    • How a security audit can minimize risk

    Don’t miss this informative webinar. Register today.
  • Effective Vulnerability Remediation Requires More than One Data Point Mar 12 2020 4:00 pm UTC 60 mins
    Jeff Michael, Senior Product Manager, Synopsys and Chris Fearon, Director Research Engineering, Synopsys
    The Synopsys Cybersecurity Research Center (CyRC) has a dedicated team of security analysts who specialize in sourcing, curating, and analyzing open source software vulnerabilities. Their vulnerability feed contains timely, accurate vulnerability reports (Black Duck Security Advisories, or BDSAs) with all the relevant, actionable information customers need to optimize remediation efforts.

    BDSAs provide multiple data points that are important to consider when triaging vulnerabilities. Now, Black Duck customers can use this data to automatically prioritize vulnerabilities for remediation. With Black Duck’s advanced policy management and best-in-class vulnerability reports, developers can focus on fixing the most critical vulnerabilities quickly and effectively.

    In this webinar, Chris Fearon, director of research engineering, and Jeff Michael, head of Black Duck product management, will take you through Black Duck’s approach to vulnerability prioritization and explain why informed, focused remediation is the preferred approach to open source security management.
  • Open Source - Curse or Blessing? Feb 27 2020 11:00 am UTC 60 mins
    Boris Cipot, Senior Security Engineer, Synopsys
    Times are changing and demand ever more attention. This is especially true in the area of open source software. The complexity, particularly in the technology sector, is enormous, especially where security plays an important role.

    Boris Cipot, Senior Security Engineer at Synopsys, presents the results of the Open Source Monitor, an independent study conducted by the digital industry association Bitkom e.V. in which more than 800 companies with 100 or more employees were surveyed on their use, integration and further development of OSS.
  • Why All Open Source Scans Aren’t Created Equal Recorded: Feb 20 2020 58 mins
    Phil Odence & Emmanuel Tournier at Synopsys
    Understanding the risks associated with open source software has become the norm in tech due diligence but not all approaches are created equal. Are you approaching open source diligence in the most efficient and effective way possible? Do you understand the difference between a point in time open source analysis for M&A and ongoing open source management?

    Join us for this live webinar and learn how a purpose-built M&A open source audit differs from open source management tools and why it matters in tech due diligence. We’ll cover:

    • The types of risk around open source software
    • Why depth of analysis matters, and what it results in during M&A diligence
    • Why accuracy, reporting and expert human analysis are keys to thorough diligence

    Don’t miss this informative webinar. Register today.
  • Synopsys Black Duck is now on the VMware Cloud Marketplace Recorded: Feb 18 2020 52 mins
    Tomas Gonzalez, Alliances Engineer, Synopsys & Neeharika Palaka, Cloud Services Business Operations Manager, VMware
    The use of open source software is free, but that doesn’t mean it won’t cost you. Many customers have felt the pain of managing open source software due to security, license, and operational risk concerns. Luckily, Black Duck exists to help you automatically identify the open source software in your applications and easily manage these risks early in your development life cycle. Now the question becomes how and where to deploy Black Duck. If you want the world’s most trusted enterprise cloud, VMware is the place for you. We are proud to announce that Synopsys Black Duck is now published on VMware Cloud Marketplace.

    Join experts from Synopsys and VMware as we discuss:
    • The key capabilities of the VMware Cloud Marketplace
    • How Synopsys customers can leverage Black Duck on Marketplace
    • A Black Duck demo, showing the ability to identify and manage all open source software in your applications
  • That's Not How This Works Recorded: Feb 11 2020 52 mins
    Jonathan Knudsen, Technical Marketing Manager, Synopsys
    All Development Should Be Secure Development
    Development teams are pressured to push new software out quickly. But with speed comes risk. Anyone can write software, but if you want to create software that is safe, secure, and robust, you need the right process. Register for this webinar to learn:
    - Why traditional approaches to software development usually end in tears and heartburn
    - How a structured approach to secure software development lowers risk for you and your customers
    - Why automation and security testing tools are key components in the implementation of a secure development life cycle
  • How Open Source Made Me a Better Manager Recorded: Feb 11 2020 56 mins
    Allon Mureinik, Senior Manager
    Management seems like a simple job - you tell people what to do, they do it, rinse, repeat. For bad managers, it really is this simple.

    Good managers do things differently. They let team members affect, if not drive, the team's direction. They allow the best ideas to guide the team's activity, no matter who brings them up. They are not intimidated by non-managers displaying leadership qualities, they encourage them.

    While these sentiments aren't unique to open source, they are the core of open source communities - allowing individuals to exert influence without any official authority. That's why I think working in open source is the best way to learn how to be a good manager, and I'll try to share this concept in my talk.
  • The 2019 Open Source Year in Review Recorded: Jan 23 2020 61 mins
    Mark Radcliffe, Partner at DLA Piper & Tony Decicco, Shareholder, GTC Law Group & Affiliates & Phil Odence, GM, Synopsys
    Gain insights into important legal developments from two of the leading open source legal experts, Mark Radcliffe, partner at DLA Piper and general counsel for the Open Source Initiative, and Tony Decicco, shareholder at GTC Law Group & Affiliates.

    This annual review will highlight the most significant legal developments related to open source software in 2019, including:

    • Evolution of open source: control, sustainability, and politics
    • Litigation update: Cambium and Artifex cases
    • Patents and the open source community
    • Impacts of government sanctions
    • The shift left for compliance and rise of bug bounty programs
    • And much, much more

    Live attendees will earn CLE credit for this webinar. Don’t miss out—register today.

    DLA Piper LLP (US) has been certified by the State Bar of California, the Board on Continuing Legal Education of the Supreme Court of New Jersey, and the New York State Continuing Legal Education Board as an accredited CLE provider.
    The following CLE credit is being sought:
    • California: 1.0 Credit (1.0 General, 0.0 Ethics)
    • New Jersey: 1.2 Credits (1.2 General, 0.0 Professional Responsibility)
    • New York: 1.0 Transitional & Non-Transitional Credit (1.0 Professional Practice, 0.0 Ethics and Professionalism)
    CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, Pennsylvania, and Puerto Rico.
  • Guide to Application Security: What to Look For and Why Recorded: Jan 22 2020 34 mins
    Utsav Sanghani, Senior Product Manager, Staff, Synopsys; Anna Chiang, Product Marketing Manager, Senior Staff, Synopsys
    If your organization does software development in-house, there are many development workflows and processes to choose from. With all the different AppSec tools available (e.g., SAST, DAST, IAST), how do developers stay productive while ensuring that their code is secure?
    Register for this webinar to learn more about application security and how to leverage it in enterprise application development. You’ll learn:
    - About development workflows and the tools developers need to stay productive
    - How to evaluate different AppSec tools
    - What features to look for in an AppSec tool
  • Best Practices for DevSecOps at Scale Recorded: Jan 21 2020 53 mins
    Andrew van der Stock, Senior Principal Consultant, Managed Services SIG Consulting, Synopsys
    Today’s security professionals and software developers not only have to do more in less time; they have to do it securely. This means mitigating risk and addressing compliance requirements in an environment where:
    - The threat landscape continues to evolve.
    - Application portfolios and their risk profiles continue to shift.
    - Security tools are difficult to deploy, configure, and integrate into workflows.
    - Consumption models continue to change.
    How can your internal resources keep pace in this dynamic environment? Managed application security testing can be just the relief valve your organization needs. In this webinar, we’ll discuss the need for managed application security testing, the sweet spots where it offers maximum value, what you should look for in a managed application security testing provider, and highlights from Synopsys’ Managed Services offering.
  • Mobile Application Hardening: Protecting Business Critical Apps Recorded: Jan 14 2020 63 mins
    Grant Douglas, Mobile Practice Director, Synopsys and Nikola Cucakovic, Senior Security Consultant, Synopsys
    Mobile application security isn’t always super exciting or challenging. But when it comes to application hardening, things get more interesting. These days, some types of applications go out of their way to defend themselves at runtime, including:

    • Financial apps
    • Multiplayer games
    • Apps that feature DRM-protected content
    • Apps with intellectual property

    Such applications often attempt to protect themselves via internally developed controls, as well as commercial products.
    During this talk, we’ll look at some of the typical controls that Android/iOS applications exhibit, how they work, how to spot them, and how to sidestep them. We’ll demonstrate analysis and techniques using free open source tooling such as Radare and Frida, and for some parts, we’ll use IDA Pro. And since “automation” is the buzzword of the year, we’ll discuss how to automate some of these activities, which typically take up most of the assessment window.
  • The State of Open Source in M&A Transactions Recorded: Dec 12 2019 58 mins
    Chris Stafford, Senior Manager, M&A Advisory West Monroe Partners, Paul Cotter, Senior Architect West Monroe Partners
    With extensive experience in M&A, West Monroe Partners is on the front line of tech due diligence, and they’ve seen a few trends emerge when it comes to open source and M&A deals. Buyers and sellers alike need to understand these trends to get the most value out of any transaction.

    Join us for this live webinar to learn what buyers and sellers need to know and how they operate during a transaction. We’ll cover:

    • Why OSS management should fit into a broader security program
    • How (and when) sellers need to prepare for a transaction
    • How buyers are becoming more sophisticated in transactions

    Don’t miss this informative webinar. Register today.
  • Security Tool Misconfiguration and Abuse Recorded: Dec 11 2019 40 mins
    Thomas Richards, Network and Red Team Practice Director
    As an organization matures its security program, it improves its security posture by using tools and techniques to automate processes such as asset management and discovery, patch management, software deployment, and vulnerability discovery. However, if your tools are improperly configured, they can lead to a total compromise of your network by an attacker. In this talk, we’ll discuss a few cases where penetration testing showed how these tools can be abused, as well as remediation methods to prevent these attacks from occurring.
  • Vulnerabilities in Containerized Production Environments Recorded: Dec 10 2019 58 mins
    Tim Mackey, Principal Security Strategist, Synopsys
    With each new technology cycle, we seek to improve both business efficiency and security. Unfortunately, our legacy practices can severely hold us back from achieving the full potential of our new technology stack. When this occurs, organizations with the most valuable data come under attack first.
    In this webinar, Tim Mackey discusses how this paradigm is playing out within financial services organizations moving from a virtual world to a containerized world. He covers how modern applications differ from those of only a few years ago - and how containerization changes our security paradigms.
  • Static Analysis Security Testing (SAST) in CI/CD – why and how Recorded: Dec 5 2019 37 mins
    Shi Chao, Senior Sales Engineering Manager, Synopsys Software Integrity Group
    Traditionally, and often unfortunately, security has been treated as a secondary and isolated process considered only at the end of the software development lifecycle (SDLC). Noble as their intentions are, it can be frustrating to discover security vulnerabilities at such a late stage.

    With the proliferation of the agile development methodology and CI/CD, is it possible to use a static application security testing (SAST) tool to constantly verify code changes and improve application integrity throughout the SDLC?

    In this webinar, we’ll provide insights into the following:
    - What is SAST? Are SAST tools just glorified grep?
    - What can SAST help you do?
    - Where and how do you apply SAST in CI/CD pipeline?
    - What should you consider when choosing a SAST tool?
  • Implementing DevSecOps With Synopsys and CloudBees Recorded: Nov 28 2019 57 mins
    Meera Rao, Synopsys & Jeff Fry, CloudBees
    As many organizations have learned, sometimes the hard way, DevOps transformation is as much about creating a process and adopting a mindset as it is about acquiring the right tools. But organizations creating a DevOps process shouldn’t neglect to implement security into their pipelines. Synopsys and CloudBees aim to deliver the best of both worlds to customers adopting DevOps: CI/CD optimization and application security testing automation.

    Join experts from Synopsys and CloudBees as we discuss:

    • How CloudBees Core™, built on Jenkins®, helps organizations scale CI/CD to a multitude of teams without increasing the administrative burden
    • How to add Synopsys tools Coverity, Black Duck, and Seeker to your pipelines
    • How to leverage the power of Kubernetes with the management of CloudBees Core to orchestrate the use of these tools as part of your SDLC
  • OWASP Top 10 For JavaScript Developers Recorded: Nov 27 2019 66 mins
    Lewis Ardern, Senior Security Consultant, Synopsys
    With the release of the OWASP Top 10 2017, we saw new contenders for the most critical security issues in the web application landscape. Much of the OWASP documentation concerning issues, remediation advice, and code samples focuses on Java, C++, and C#. However, it doesn’t give much attention to JavaScript. JavaScript has drastically changed over the last few years with the release of Angular, React, and Vue, alongside the growing use of Node.js and its libraries and frameworks. This talk will introduce you to the OWASP Top 10 by explaining JavaScript client and server-side vulnerabilities.
  • You’ve Got Your Open Source Audit Report - Now What? Recorded: Nov 14 2019 61 mins
    Tony Decicco & Leon Schwartz, GTC Law, Phil Odence, Synopsys
    Companies’ use of open source software has surpassed the occasional and solidified itself as mainstream. Effectively identifying and managing the compliance and security risks associated with open source software can be a difficult task. Whether you’re acquiring another company, preparing for acquisition or simply wanting to manage the use of open source, the universal first step is to figure out the composition of the code, often via an audit. But what do you do once you have the audit report?

    Join us for this live webinar to learn best practices before and after an open source audit. We’ll cover how to:

    • Select and prepare the code base
    • Get the most out of an audit
    • Implement a third-party software policy
    • And more

    Don’t miss this informative webinar. Register today.
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

  • Title: GDPR and Open Source: Best Practices for Security and Data Protection
  • Live at: Jul 25 2017 2:00 pm
  • Presented by: Daniel Hedley, Partner, Irwin Mitchell; Matt Jacobs, VP and General Counsel, Black Duck Software