Effective Vulnerability Remediation Requires More than One Data Point

The Synopsys Cybersecurity Research Center (CyRC) has a dedicated team of security analysts who specialize in sourcing, curating, and analyzing open source software vulnerabilities. Their vulnerability feed contains timely, accurate vulnerability reports (Black Duck Security Advisories, or BDSAs) with all the relevant, actionable information customers need to optimize remediation efforts.

BDSAs provide multiple data points that are important to consider when triaging vulnerabilities. Now, Black Duck customers can use this data to automatically prioritize vulnerabilities for remediation. With Black Duck’s advanced policy management and best-in-class vulnerability reports, developers can focus on fixing the most critical vulnerabilities quickly and effectively.

In this webinar, Chris Fearon, director of research engineering, and Jeff Michael, head of Black Duck product management, will take you through Black Duck’s approach to vulnerability prioritization and explain why informed, focused remediation is the preferred approach to open source security management.
Recorded Mar 12 2020 41 mins
Presented by
Jeff Michael, Senior Product Manager, Synopsys and Chris Fearon, Director Research Engineering, Synopsys
  • Testing security of micro-services, APIs and cloud-native apps Nov 10 2021 5:00 pm UTC 52 mins
    Ainsley Braun, Product Director, Synopsys and John Salomon, Director Continental Europe, Middle East, & Africa FS-ISAC
    How are you security testing APIs, web services, and cloud-native applications? Are you able to test application security without impacting efficiency? Do you have sufficient visibility into sensitive data that your applications handle?

    In this session, we will be joined by guest speaker John Salomon from FS-ISAC to discuss ways of ensuring that your security testing is developer friendly, and that your insight into application vulnerabilities and remediation guidance meets your organization’s risk appetite. We will go over ways of ensuring fast, relevant contextual training, and efficient remediation of detected vulnerabilities.
  • Crafting Reps and Warranties to Reduce Open Source Risk in M&A Transactions Sep 22 2021 4:00 pm UTC 46 mins
    Danny Ogburn & Matt Jacobs at Synopsys
    Synopsys is an active acquirer with more than 80 deals over the last 33 years. In addition to having a thorough tech due diligence process, we structure our M&A agreements to minimize license, security, and code quality risks in the software we’re acquiring. We’re offering a peek at our approach.

    Join us for this webinar as we talk through how to minimize risk and maximize value with every transaction. We’ll cover:

    · The use of open source in targets’ offerings
    · Ensuring intellectual property value
    · Protecting against known vulnerabilities in open source components
    · Other elements of security and code quality
    · How software audits help inform reps and warranties

    Don’t miss this informational webinar. Register today.
  • Managing open source security risk: Lessons from the 2021 OSSRA report Sep 16 2021 4:00 pm UTC 47 mins
    Mike McGuire, Product Marketing Manager at Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and sixty percent contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this live Synopsys webinar as we explore the findings of our 2021 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

    • What it means to manage your open source usage
    • Why you need an accurate inventory of open source components
    • How to prioritize the vulnerabilities to fix
    • Where to integrate testing into your SDLC

    Don’t miss this informative webinar. Register today.
  • Managing open source security risk: Lessons from the 2021 OSSRA report Sep 16 2021 9:00 am UTC 47 mins
    Mike McGuire, Product Marketing Manager at Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and sixty percent contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this live Synopsys webinar as we explore the findings of our 2021 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

    • What it means to manage your open source usage
    • Why you need an accurate inventory of open source components
    • How to prioritize the vulnerabilities to fix
    • Where to integrate testing into your SDLC

    Don’t miss this informative webinar. Register today.
  • PCI meets DevSecOps: Hazard or Opportunity? Sep 15 2021 4:00 pm UTC 30 mins
    Stephen Gardner, Managing Consultant, Synopsys
    Under pressure to build software faster and cheaper, engineering teams are adopting DevOps. Does this ruin the pathway to application security, or does DevSecOps enable new efficiencies for security as well as engineering?

    Join this live webinar as we discuss DevSecOps best practices, and how these align with Application Security elements of PCI. We’ll cover:

    • Software security in PCI
    • DevSecOps: What and why?
    • Pros and Cons of DevSecOps in a PCI regulated environment

    Don’t miss this informative webinar. Register today.
  • Software Audits: The Good, the Bad, & the Ugly Aug 25 2021 4:00 pm UTC 60 mins
    Phil Odence, Synopsys
    Interview with an Auditor: Best Practices in M&A Tech Due Diligence

    The Black Duck Audit Services team dives into over 1,500 codebases a year, so we've seen things – lots of things. Whether you’re acquiring a company where the software is a big part of the deal or prepping for a sale, it’s always good to know what’s lurking in the code. You may be pleasantly surprised or a little concerned - but understanding risk is the key to managing risk.

    Join us for a live webinar as we share some real-world examples of audits - anonymous, of course - that range from very smooth to a little rocky, to help you understand the software due diligence process. We’ll cover:

    • Open source risk in M&A by the numbers
    • How to make the most of an audit
    • An auditor’s perspective on best (and worst) practices
    • Practical advice on how to prepare for the due diligence process

    Don’t miss this informative webinar. Register today.
  • Container Security Essentials Aug 19 2021 5:00 pm UTC 60 mins
    David Benas, Associate Principal Consultant, Synopsys
    As the popularity of cloud-native applications continues to surge, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they deliver. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.”

    The popularity of containers has also attracted the attention of hackers who are constantly looking for new ways to exploit them. Containers expand an organization’s attack surface and increase the risk to the applications they house. A comprehensive approach for container security is required to mitigate the risk to containerized applications and infrastructure.

    In this webinar, we’ll outline the essential elements required to secure your container environments, including:
    • Understanding what containers are (and aren’t)
    • How to look at container security holistically
    • The top threats to container landscapes
    • Relevant case studies
  • Time is Money - Interactive Application Security Testing at DevOps Speed Aug 19 2021 4:00 pm UTC 39 mins
    Scott Tolley, Application Security Specialist, Synopsys and Amit Sharma, Application Security Evangelist, Synopsys
    Would you like to find out more about Interactive Application Security Testing (IAST), a new category of AppSec born in the age of DevOps?

    Join Scott Tolley & Amit Sharma (Application Security Specialists) as they discuss how to bridge the gap from DevOps to DevSecOps, without slowing everything down.

    Agenda:
    Application Security trends and challenges in moving from DevOps to DevSecOps
    Introducing IAST and Seeker
    Product Demonstration
    Q&A - come prepared with your questions and we’ll answer live on the webinar.
  • 2021 OSSRA Report: Open Source Trends, Risks & Management Aug 11 2021 4:00 pm UTC 59 mins
    Tim Mackey, Principal Security Strategist, Synopsys
    The 2021 Open Source Security and Risk Analysis report (OSSRA) looks at the state of open source use in over 1,250 distinct applications created by organizations in 17 industries. The use of open source continues to grow and businesses of all sizes are now powered by open source software. If left unmanaged, open source may introduce security, quality, and license compliance risks. Are you ready to take control of your open source?

    Join us for this live Synopsys webinar to get a look at our 2021 report results and learn how teams can use the data to inform their overall open source governance plans. We’ll cover:

    • Why open source governance matters
    • The latest trends in open source usage
    • Open source management strategies

    Don’t miss this informative webinar. Register today.
  • 2021 OSSRA Report: Open Source Trends, Risks & Management Aug 11 2021 9:00 am UTC 59 mins
    Tim Mackey, Principal Security Strategist, Synopsys
    The 2021 Open Source Security and Risk Analysis report (OSSRA) looks at the state of open source use in over 1,250 distinct applications created by organizations in 17 industries. The use of open source continues to grow and businesses of all sizes are now powered by open source software. If left unmanaged, open source may introduce security, quality, and license compliance risks. Are you ready to take control of your open source?

    Join us for this live Synopsys webinar to get a look at our 2021 report results and learn how teams can use the data to inform their overall open source governance plans. We’ll cover:

    • Why open source governance matters
    • The latest trends in open source usage
    • Open source management strategies

    Don’t miss this informative webinar. Register today.
  • Is IAST the Next Big Thing in AppSec? Aug 4 2021 5:30 am UTC 59 mins
    Kimm Yeo & Eugene Pakhomov, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this live Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices, APIs and more
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
  • Integrating Fuzz Testing into the Cybersecurity Validation Strategy Aug 3 2021 6:00 pm UTC 52 mins
    Dennis Kengo Oka, Principal Automotive Security Strategist, Synopsys & Nico Vinzenz, Security and Connectivity, ZF Group
    Automotive systems are becoming increasingly complex and interconnected, and that makes them more vulnerable to cyber attacks. That's why modern cyber security tools and processes are vital to finding and fixing these vulnerabilities. In this presentation learn about:

    * The automotive cyber security engineering processes 
    * How fuzz testing helps improve product security 
    * An updated cyber security engineering process
  • Integrating Fuzz Testing into the Cybersecurity Validation Strategy Aug 3 2021 8:00 am UTC 52 mins
    Dennis Kengo Oka, Principal Automotive Security Strategist, Synopsys & Nico Vinzenz, Security and Connectivity, ZF Group
    Automotive systems are becoming increasingly complex and interconnected, and that makes them more vulnerable to cyber attacks. That's why modern cyber security tools and processes are vital to finding and fixing these vulnerabilities. In this presentation learn about:

    * The automotive cyber security engineering processes 
    * How fuzz testing helps improve product security 
    * An updated cyber security engineering process
  • Is IAST the Next Big Thing in AppSec? Recorded: Jul 22 2021 59 mins
    Kimm Yeo & Eugene Pakhomov, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices, APIs and more
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
  • Is IAST the Next Big Thing in AppSec? Recorded: Jul 22 2021 59 mins
    Kimm Yeo & Eugene Pakhomov, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this live Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices, APIs and more
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
  • The Hidden Secrets of Software Security Recorded: Jul 22 2021 61 mins
    Sharlton Shadrac J
    Due to rapidly evolving digital technologies across industries including finance, healthcare, and the public sector, companies are collecting and processing larger amounts of personal data than ever before. And as companies become more digitized, they must take appropriate steps in their application security processes to ensure that data is protected.

    A breach can ruin the reputation of a well-established company, and breaches happen every single day. When a product is developed, the quality, performance, scalability, and maintainability must be considered from the very beginning. Firms should also ensure that security is an integral part of the development.

    In this webinar session, you will learn

    • Where the real problem lies for software security
    • Why robust and secure software needs forethought and planning
    • Why different personas need different software security touchpoints
    • What the OWASP Top 10 is and why it’s important in software security
  • What You Need to Know about Software Due Diligence Recorded: Jul 21 2021 61 mins
    Phil Odence, GM Black Duck Audits, Synopsys
    There’s risk in any M&A transaction but having the right software due diligence approach can help mitigate that risk. If software is a large part of the deal, understanding the legal, security, code and design quality risks in the target’s codebase is key. Do you know the right questions to ask?

    Join this live Synopsys webinar to create or tweak your due diligence playbook. We’ll cover:

    • Understanding the software due diligence landscape
    • The risks to look out for (and why)
    • What questions to ask in the process
    • How to choose the right audit partner

    Don’t miss this informative webinar. Register today!
  • Getting your Organization ready for ISO/SAE 21434 Recorded: Jul 20 2021 58 mins
    Dennis Kengo Oka, Principal Automotive Security Strategist, & Chris Clark, Global Solutions, Synopsys
    The latest ISO/SAE 21434 standard will be released in September to help automotive companies address cyber security for the entire vehicle life cycle.

    We will provide an overview of the ISO/SAE FDIS 21434 Cybersecurity Engineering standard in our presentation. Join this Synopsys webinar to learn about:
    • Critical organizational cybersecurity topics assisting with your preparation for the new standard
    • Relevant cybersecurity activities and solutions for secure product development
    • Practical examples of tooling to help fulfil requirements in the software development process
  • The Evolution of IAST: Building Security Into Testing Recorded: Jul 7 2021 57 mins
    Featuring Sandy Carielli, Principal Analyst, Forrester & Kimm Yeo, Product Marketing Manager, Synopsys
    Interactive application security testing (IAST) is evolving quickly to become a key DevSecOps tool used to build continuous application security into today’s modern but increasingly complex software ecosystem.

    There’s a growing demand for and shift toward complex composite-based apps, but they involve multiple dev teams as well as new technologies such as microservices, serverless, containers, and mixed deployment approaches (cloud, containers). How do you secure your web, cloud, and microservices applications? How do you balance the speed, quality, and innovation that your customers are demanding today?

    Join this live Synopsys webinar to learn why organizations are looking into alternative dynamic security testing solutions, and why next-generation tools such as IAST are here to stay. In this webinar, learn about:

    • Trends in the latest Forrester IAST survey data
    • Developments in continuous testing, test automation, and DevSecOps
    • The role of IAST in testing and reporting

    Don’t miss this informative webinar. Register today.
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

  • Title: Effective Vulnerability Remediation Requires More than One Data Point
  • Live at: Mar 12 2020 4:00 pm
  • Presented by: Jeff Michael, Senior Product Manager, Synopsys and Chris Fearon, Director Research Engineering, Synopsys