Black Duck® offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software.

There are three regulations that every software development team should be aware of: NIST Secure Software Development Framework (SSDF), the EU Cyber Resilience Act (CRA), and the FDA Cybersecurity Requirements for Medical Devices. What’s your regulation IQ? 

Join this webinar to learn how to navigate these regulations to secure your software supply chain. We’ll cover:  

- Key requirements, commonalities, and differences across the three regulations  
- The importance of an SBOM in dependency tracking and risk management 
- Best practices for complying with these cybersecurity standards  

Register now.

Software Supply Chain Security: Navigating NIST, CRA, and FDA Regulations

Leverage the power of policies to flag non-compliant components. With Black Duck SCA policies, create your own rules to determine 'non-compliance'. Join us in this webinar as we explore what policies are, how to configure them and how we can use them within our Black Duck SCA scans.

Black Duck SCA - Policy Management

Open source is widely used in software development because it allows you to create high-quality software quickly - especially with the use of AI-assisted coding tools. But if left unmanaged, open source can lead to license compliance issues as well as security and code quality risks. Whether you’re on the buy side or sell side, these risks could negatively affect valuation in an M&A transaction.

Join this webinar for an inside look at the data Black Duck Audits complied in 2024 from the hundreds of tech transactions and thousands of codebases we audited. We’ll cover:

• Open source license and security risks by the numbers
• Why audits have become the norm in M&A tech due diligence
• How you can get a complete picture of open source risks

By the Numbers: 2025 Open Source Risk in M&A

Embedded systems are a part of our daily lives. Unfortunately, they don't receive the attention they deserve when it comes to security. The list of threats is long, and attacks can cause huge damage. But how can embedded systems be protected? 
 
The webinar covers four main threats: network attacks (e.g., signal jamming, man-in-the-middle), software issues (e.g., malware, weak passwords), physical threats (e.g., reverse engineering), and side-channel attacks (e.g., timing attacks). It emphasizes a security-first approach, including secure communication, regular updates, and strong encryption.
 
Join the webinar to learn:
• Importance of embedded systems and the security threats they face
• Types of threats: network, software, physical, and side-channel
• Protection methods: security-first design, secure communication, regular updates, and strong encryption

Embedded Security Complexity

Discover how to optimize your developer workflow with Code Sight, an innovative IDE plugin that identifies SAST and SCA vulnerabilities earlier in the software development process. Join us to learn how this powerful tool seamlessly integrates with Coverity, Black Duck SCA, and Polaris, empowering your team to shift left in the development lifecycle. Through live demonstrations, we'll showcase how developers can identify and remediate security issues directly within their IDE, reducing rework and enhancing code security before check-in. This webinar will provide actionable insights on implementing Code Sight to help your engineering team write secure code with confidence.

How to use Code Sight to identify and fix SAST and SCA issues from your IDE

As you start down the path of using generative artificial intelligence (GAI) in software development to improve efficiency, reduce costs, and increase revenue, you must also be aware of the associated legal issues. How can you leverage AI and minimize the risk it presents?

Join this webinar in which a panel of legal experts and practitioners will answer your questions about the rise of AI in software development, and how you can responsibly leverage this new technology. We’ll cover:

• The benefits and risks for using AI in software development 
• The evolving legal and regulatory landscape 
• Practical advice for using AI today and into the future

Ask the Experts: AI and Software Development

AI-powered development has greatly increased the rate at which software evolves. But using artificial intelligence as a proxy for security-aware developers introduces a variety of risks to the business.

Organizations must prepare for the complexities of AI-powered development. This requires establishing consistent and scalable DevSecOps initiatives. The discussion will cover

• Innovation and trends in AI-powered software development
• The inherent risks to application security and business operations of using AI and third-party digital artifacts
• Best practices for establishing application security testing and issue remediation within DevOps workflows that include AI
• Ways to use AI to empower developers and reduce the opportunity of an attack

Preparing DevSecOps for AI Development

Securing software takes teamwork—a unified approach from development through testing and into production. But each team has a distinct set of requirements and workflows that need to align to realize a concerted push for security. And while developers influence risk posture, they are often not trained in or focused on software security practices.

How can you make the effort that developers and DevOps teams are already putting in more valuable to the business? What's the best way to cultivate highly security-conscious developers so your software becomes more secure over time? Is there a way to derive tangible benefits for the business, the team, and the individual?

Join us as we break down a five-step process with real-world applicability. Topics include

• The critical distinction between developers' security awareness and their security capability
• Mechanisms to automate risk detection and accelerate remediation across the pipeline, including at the developer desktop
• How to establish security gates in DevOps pipelines in a way that doesn't derail development or lead to missed shipping deadlines
• How to create a DevSecOps initiative that can evolve with the business and enable developers to sustain security requirements as part of their day-to-day
• Ways to maximize security's value to the business and its customers

5 Steps to Achieving Developer-First Security

소프트웨어 공급망을 안전하게 보호하기 위해서는 소프트웨어 코드 안에 무엇이 있는지 알아야 합니다. AI 생성 코드가 도입되고 오픈소스 소프트웨어의 사용이 증가함에 따라, 소프트웨어에 어떤 위험이 내재되어 있는지 파악하는 일이 더욱 중요해졌습니다. 사실 작년만 해도 코드베이스의 81%에서 고위험 또는 극고위험 취약점이 발견되었습니다. 
이번 웨비나에서는 2025 “오픈소스 보안 및 위험 분석” 보고서를 통해 이러한 내용을 살펴봅니다. 

웨비나 주요 내용:  
• 오픈소스 소프트웨어 보안 현황 
• 보안 위험 완화 및 공급망 취약점 관리 요령 
• AI 코딩 도구의 보안 및 IP 위험 방지

2025 오픈소스 보안 및 위험 가이드

AI coding assistants are transforming business, with adoption driven both by developers seeking help and by executives seeking savings. But this evolution should not come at the cost of enterprise security or valuable intellectual property. This session explores the most urgent challenges created by AI-enabled development, contrasted by the most effective methods to mitigate them without breaking DevOps pipelines.  

Whether you are advocating for change or evaluating your options, join us as we discuss:  

- Practical solutions for rapid, automated security testing integrated within CI/CD pipelines 
- AI-powered security tools that help developers to embrace AI and security teams to accelerate at the pace of AI 
- Mechanisms to protect valuable intellectual property as AI code generators leverage licensed source material 
- Emerging attack vectors baked into open source AI models and how to address them

Embrace AI coding assistants while efficiently managing risk

Software is essential in everyday products like cars, medical devices, airplanes, and IoT devices. Bugs and security flaws can have serious impacts on safety, the environment, and your reputation. As AI speeds up software development, it's more important than ever to keep your policies, coding standards, and testing up to date.

In this webinar, we’ll discuss:
- Trends that offer innovation but also increase the risk of costly errors
- Updates to functional safety standards that improve software reliability
- How to reduce supply chain risks by getting a full view of your software
- Strengthening software with thorough testing techniques

Register now to learn practical tips for creating secure, reliable functional safety software in 2025 and beyond.

Building Safe and Reliable Software in 2025

Forcing AppSec tests into developer pipelines, without aligning them to their preferred tools, can lead to inefficiencies and security oversights. Security teams need full risk visibility and developers need to meet shipping deadlines. While developers should not take full responsibility for security testing, they must be able to initiate, support, and benefit from it without changing their existing workflows. 

The most effective and efficient way to accomplish this is with out-of-the-box integrations and security testing templates that work natively with leading DevOps platforms like GitHub, GitLab, and Azure DevOps (ADO) to automate critical AppSec tests and quickly close feedback loops with developers. Join Black Duck as we discuss: 

Using DevOps platforms’ automation templates to embed AppSec into CI pipelines 

- Making security scans and fix pull requests an automatic part of dev workflows 
- Reducing risk and issue backlogs with developer security training and clear fix guidance 
- Accelerating AppSec using AI-enabled DevOps and security tools 

Start making life easier for developers and AppSec teams with integrated security testing for GitHub, GitLab, ADO, and more.

Developer-First Security: How to Automate Security Tests with GitHub, GitLab, and more

Generative artificial intelligence (GAI) will fundamentally change the way that software is built. Whether they are developing or using AI tools, organizations must understand the opportunities and risks involved, and evolve governance, policies and processes to address those risks.

Join this webinar for a deep dive into the issues that arise when using GAI in software development. We’ll cover:

• Open source data and software licenses and risks with AI
• Licensing and clearance considerations for materials used to train AI models
• Licensing considerations in building, training, and using AI models
• A deep dive on GitHub Copilot, including implications of the class action suit

Generative AI, Training Data, Open Source, and GitHub Copilot, Oh My!

The world of application security can be overwhelming for newcomers. The technical jargon, complex solutions, and confusing methodologies make it hard to navigate. It’s essential to understand threat modeling and threat and risk analysis, but that can be difficult without the right guidance.

Here’s the good news: threat modeling at its core is intuitive and adaptable. With the right approach, it can be a powerful tool that helps you understand risks and make informed security decisions while aligning with your organization's unique needs.

In this webinar, we’ll break down the complexity of threat modeling. We'll address common questions and show why it’s a central part of application security. Participants will leave with a clear understanding of
• What threat modeling is and why it matters
• How to tailor threat modeling to fit your organization and industry
• Where to find resources for further learning and practical implementation

Threat Modeling: Charting Your Security Journey

Just as most software assets contain open source, modern software applications commonly include third party software functionality via calls to external web services via APIs. By using web services, developers may be inadvertently signing their companies up to terms of service or using a web service without a suitable agreement. Using these services can expose a company to compliance, security, data privacy, and operational risks that could disrupt or severely affect the business. As part of the tech M&A due diligence process, you should be aware of these web services-related risks so that you can make informed decisions about deal valuation and remediation.
 
Join us for a discussion about web services and how they can affect M&A and other transactions. We’ll cover:
 
• The legal compliance, data privacy, security, and business risks that come with web services
• Typical terms of service and common pitfalls
• Real-world examples of these risks
• How a buyer can get a better understanding of these risks in a target’s codebase or how a seller can prepare for diligence to avoid risks
 
Don’t miss this informative webinar. Register today.

Web Services & APIs: Impact on M&A and Other Transactions

Open source software is at the heart of modern development, but it comes with its own set of challenges. The number of discovered vulnerabilities continues to rise year after year. Staying ahead in this evolving landscape requires not only vigilance but also access to accurate vulnerability data. 
Join us for an exclusive webinar with the Black Duck Vulnerability Research team, where you'll gain insights into their cutting-edge approach to identifying and addressing vulnerabilities in open source software. Discover how their innovative methods empower organizations to detect and remediate vulnerabilities quickly and effectively. 
In this session, you'll learn: 
- How the Black Duck Vulnerability Research team operates and innovates to deliver unparalleled vulnerability insights. 
- Why the quality and accuracy of vulnerability reports are critical to security success. 
- The latest trends and insights shaping the open source vulnerability landscape.

Black Duck Vulnerability Research

There is no shortage of buzz around generative artificial intelligence (GAI). GAI can be used in software development to generate and augment code which saves times and reduces development cycles. But using AI in software development comes with its own set of risks.

Join this webinar to get an introduction to GAI and how you can minimize risk when using it in your organization. We’ll cover:

• What GAI is and how machines learn
• Legal issues with AI including copyright, web scraping, and more
• Overview of current litigation
• Practical approaches to using GAI while minimizing risk

Best Practices for Using AI in Software Development

Kubernetes is known for its ability to scale quickly, but does its security and management keep up with that growth? As your Kubernetes setup expands, it becomes harder to spot and fix potential problems.

Join our experts as they share modern ways to manage Kubernetes clusters and explain how to find misconfigurations and reduce risks.

In this discussion, you'll learn:
- A new way to look at and manage your Kubernetes clusters.
- How to spot dangerous misconfigurations and improve your cluster's security.

Don't miss out on learning how to secure your Kubernetes setup as it grows.

Securing Kubernetes Clusters: Managing Security and Risk

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.