What the Open Source Security & Risk Report Means for Your Security Team

Open source is a great foundation for modern software development, but when left unmanaged, it exposes you to security risks. In the upcoming webinar “What the 2020 OSSRA Report Means for Your Security Team,” we’ll explore the findings of our 2020 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

· Why you need an accurate inventory of open source components

· How to prioritize the vulnerabilities to fix

· Where to integrate testing into your SDLC

Join us and together we’ll harness the power of open source without sacrificing the security of your applications.
Recorded: Aug 25 2020 37 mins
Presented by
Shandra Gemmiti, Product Marketing Manager at Synopsys and Mike McGuire, Product Marketing Manager at Synopsys
  • Are You Acquiring the Next Big Breach? Security Vulnerabilities & M&A Oct 22 2020 4:00 pm UTC 57 mins
    Hal Hearst, Synopsys
    Software contains vulnerabilities and if you’re acquiring a company where software is a big part of the deal, you should understand if there is anything in that software that can be exploited.

    Join this live webinar to learn why security is a key piece of tech due diligence and the way your audit vendor manages their security data matters. We’ll cover:

    • Why due diligence has moved beyond license compliance
    • How you (and your vendor) can get a more in-depth view of your vulnerabilities
    • Strategies for understanding your security risks

    Don’t miss this informative webinar. Register today.
  • BSIMM11: The Evolution of DevSecOps Oct 15 2020 3:30 pm UTC 60 mins
    Eli Erlikhman, Managing Principal, Synopsys SIG and Chai Bhat, Sr. Product Marketing Manager, Synopsys SIG
    With the emergence of COVID-19, the workforce is more dispersed and far from the secure enterprise environments that they were accustomed to working in. Malicious hackers are seizing the opportunity provided by a much larger and more vulnerable attack surface to launch even more sophisticated attacks. A solid foundation of software security initiatives (SSIs) derived from the best practices of best-of-breed organizations is more important now than ever before.

    The Building Security in Maturity Model (BSIMM) provides just that—it’s a study of existing SSIs. By quantifying the practices of many different organizations, the BSIMM describes the common ground shared by many, as well as the variations that make each unique.

    In this Synopsys webinar, you will learn:
    • Engineering-led vs. software security group-led SSIs
    • “Shift left” becoming “shift everywhere”
    • What leading organizations are doing to address application security
  • The Importance of Fuzzing for Network Protocols Oct 13 2020 5:30 am UTC 60 mins
    Vishwas Sharma, Senior Sales Engineer, Synopsys
    Most security issues are triggered by misuse—and there are an infinite number of ways to misuse a system. Given that you don’t have an infinite amount of time to test for security issues, how will you know when a product is safe enough to ship or deploy? After you’ve analyzed the source code, the next step is to test its dynamic behavior using invalid input testing (fuzzing) that closely imitates what a hacker would do. Fuzzing provides a final test-run before rolling out to avoid costly bug fixes and product recalls.

    Network devices must be able to handle malicious inputs on their interfaces and protocols. Defensics is a model-based stateful protocol fuzzer that is based on popular specifications and has millions of malformed inputs to cover misuse cases that can trigger critical unknown vulnerabilities.

    Join us as we discuss the importance of fuzzing for network protocols and address its use cases:

    • Development. Complement SAST methods by integrating fuzzing into CI/CD
    • Quality assurance. Perform QA with enhanced test coverage in a manageable time
    • Security. Uncover zero-day and unknown vulnerabilities before they turn costly
    • Procurement. Ensure robustness, quality, and security of software and devices before introducing them into IT/lab environments
  • Application Security within a Diverse World Oct 8 2020 2:00 pm UTC 60 mins
    Meera Rao, Senior Director Product Management and Ainsley Braun, Product Director, Synopsys
    The challenges the industry faces and how we can help support them.

    Diversity is an ongoing priority - and challenge - for many organisations, especially in the technology space. Research has proven that diversity on a team brings unique benefits, including new perspectives and innovative solutions. These, in turn, contribute to a stronger overall company.

    And yet, in many companies around the world, achieving a diverse workforce is still more aspiration than reality. For instance, despite having International Women’s Day and conversations around gender and sexual-orientation diversity, women and LGBTQ+ individuals remain underrepresented in most companies.

    This webinar focuses on the challenges of diversity within the cybersecurity industry, and what steps companies can take to overcome them. This boils down to recruiting more women, LGBTQ+ individuals, and minorities in terms of race, religion, ethnicity, and even age. Level pay, investing in diverse talent, and empowering voices within a company’s culture all play important roles, as well.

    Join us for this vital webinar to learn how you can promote opportunity for all in your organisation.
  • Give Developers Earlier Feedback to Identify Security Issues Oct 6 2020 5:00 pm UTC 60 mins
    Ashutosh Kumar, Product Marketing Manager, Staff, Synopsys; James Croall, Director, Technical Product Management at Synopsys
    As part of your DevSecOps strategy, it’s important to implement security tools that help your developers and don’t slow them down. Coverity static application security testing (SAST) provides a developer-centric approach to security testing that aids adoption and helps your development teams write high-quality secure code, without having to be security experts. With SAST tools such as Coverity, developers can get early feedback and identify security issues as they code within their IDE. Coverity can also be seamlessly integrated into different stages of your CI/CD pipelines, which can help automate SAST scans for your needs.
    In this webinar, we’ll cover:
    - Evolving developer needs and best practices for AppSec integration into development workflows
    - How Coverity helps developers get early feedback on security and quality issues in their code with our Code Sight IDE plugin and integrated eLearning courses
    - How Coverity can be seamlessly integrated into your CI/CD pipeline to automatically trigger scans with every pull request, serve as a security gate on the build server, create issue tickets, and more
  • Under Pressure – Building Security into Application Development Sep 30 2020 5:30 pm UTC 60 mins
    Patrick Carey, Director Product Marketing, Synopsys and Dave Gruber, Senior Analyst, Enterprise Strategy Group
    A recent study by Enterprise Strategy Group, commissioned by Synopsys, revealed that nearly half of the cybersecurity and development professionals surveyed indicate that their organization knowingly pushes vulnerable code into production due to time pressures. In every sector, development and security teams grapple with the competing demands of development velocity and application security.

    In this webinar, we speak with the study’s author, ESG Senior Analyst, Dave Gruber, about how organizations are working to build security into their development toolchains and processes. Highlights include:

    - Why many organizations’ AppSec programs aren’t as effective as they think.

    - Key attributes of the most successful AppSec programs.

    - Trends and challenges organizations are facing in implementing their AppSec programs.

    - How organizations are working to improve AppSec ROI while simplifying deployments.
  • Free and Open Source License Enforcement and Compliance Sep 30 2020 4:00 pm UTC 60 mins
    Miriam Ballhausen, Bird & Bird & Matt Jacobs, Synopsys
    Free and Open Source software is meant to be used and shared but you must comply with the license obligations. If licensees fail to do so, there may be legal consequences including license enforcement actions. But what does open source license enforcement mean in practice?

    Join this live webinar to get an overview of the risks and enforcement of Free and Open Source Licenses We’ll cover:

    • Understanding the Free and Open Source License landscape
    • What companies should look out for (and how tools may help)
    • Strategies for protecting against enforcement

    Don’t miss this informative webinar. Register today.
  • Accelerating your SDLC Securely using SAST Sep 29 2020 5:00 pm UTC 60 mins
    Nivedita Murthy, Senior Security Consultant, Synopsys
    In today’s fast-paced world, everything needs to move quickly—including development. But organizations can’t compromise on security while delivering products in rapid succession. Modern static application security testing (SAST) tools address this urgent need to identify and secure applications without impacting production timelines. In this session you’ll learn how to integrate SAST tools into the SDLC and discover the options available to customize and optimize them for time-sensitive results. You’ll also learn about some common pitfalls and mistakes made while trying to integrate SAST tools into an automation process and DevSecOps. You’ll come away with a better understanding of how to reach a mature and secure software development life cycle and how to use SAST tools effectively in such environments.
  • Fuzz Anything with the Defensics SDK Recorded: Sep 17 2020 57 mins
    Jonathan Knudsen, Technical Marketing Manager, Synopsys
    One challenge of fuzzing is figuring out which malformed inputs (test cases) to use. Generational (or model-based) fuzzing tools use a detailed data model to generate high quality test cases. Because test cases are mostly correct, they traverse a variety of control paths and can drive the target software into a variety of states before “detonating” with a carefully placed anomaly.

    Defensics is a generational fuzzer with over 250 test suites for a wide variety of network protocols and file formats. But what if you need to fuzz something with no corresponding test suite? For proprietary protocols and other specialized fuzzing needs, the Defensics SDK enables you to apply the power of Defensics to any data model you wish.

    This presentation outlines the capabilities of the Defensics SDK and shows how data models and semantics can be defined in code, allowing you to fuzz any type of software in any context.
  • See the Larger Security Picture - Enhancing the Tools You Already Have Recorded: Sep 15 2020 44 mins
    Simon King, VP Solutions, Synopsys Software Integrity Group
    DevOps and Agile development teams work iteratively to deliver customer value faster. They accelerate productivity with external software such as open-source, and external infrastructure such as cloud and containers. But this increases the threat surface and potential security risk. This leads to using more security tools, and complexity associated with managing test results and governance.

    Join Simon King from Synopsys on this journey enabling teams to see the larger security picture – transparently – enhancing the tools you already use.

    In this session you’ll learn about:
    - The challenges associated with managing test execution with multiple tools.
    - The opportunities to streamline communication between teams when coordinating triage and issue remediation.
    - How to make app sec “invisible” to the development team inside your existing CI/CD toolchain.
    - How to manage continuous improvement in risk posture
  • How your Chat application is leaking your .... sensitive pictures Recorded: Sep 15 2020 24 mins
    Tobias Mccurry, Senior Security Consultant, Synopsys Software Integrity Group
    We all put a lot of trust in the applications we use to chat with other people. Have you ever wondered what your chat application is doing in the background? How is it storing the messages or pictures you send? You are required to log in to send and receive messages....or are you? Come see how some of the most popular chat clients send data and whether anyone else could see this data.

    We'll begin with the underlying vulnerability, Cross-Origin Resource Sharing (CORS), and how, if it is misconfigured, data could be leaked without the user knowing. I’ll cover in detail how each client handles messages between clients. Three of the most popular clients were tested to see how well they handle the data transactions.
  • Reduce DevSecOps Friction with Synopsys, CloudBees and Google Cloud Recorded: Aug 27 2020 79 mins
    Meera Rao at Synopsys, Cojan Van Ballegooijen at CloudBees & Rania Mohamed at Google Cloud
    DevOps enables you to release features and bug fixes faster than ever. But, can security keep up? Instead of waiting to fix security vulnerabilities, treat them like any other bug within your DevOps process. This allows you to reduce DevSecOps friction, increase release velocity, improve quality and facilitate collaborative change - just to name a few.

    This webinar will cover how your DevOps strategy can best include security with Synopsys, CloudBees and Google. You’ll learn more about:
    • Integrating the right tools in your DevOps pipeline
    • How Google Cloud Platform (GCP) improves your security posture
    • Beginning your DevSecOps journey with CloudBees CI and easy procurement through the GCP Marketplace
    • The field point of view from Synopsys on CloudBees CI + GCP = secure pipelines
  • What the Open Source Security & Risk Report Means for Your Security Team Recorded: Aug 25 2020 37 mins
    Shandra Gemmiti, Product Marketing Manager at Synopsys and Mike McGuire, Product Marketing Manager at Synopsys
  • Why SAST and SCA Together Are Better, Faster, Stronger Recorded: Aug 25 2020 42 mins
    Utsav Sanghani, Senior Product Manager, Staff, Synopsys
    Static application security testing (SAST) is critical for uncovering and eliminating issues in proprietary code. However, over 60% of the code in an average application today is composed of open source components. SAST isn’t designed to find open source vulnerabilities (CVEs) or identify open source licenses. And manually maintaining a repository of approved open source components for developers is inefficient and time consuming. That’s where software composition analysis (SCA) comes in.

    Join Utsav Sanghani, product manager, as he explores the benefits of bringing SAST and SCA together. He’ll explain why using an SCA tool to scan open source dependencies is as imperative to a software development strategy as using SAST to test proprietary code. He’ll also demonstrate how developers, by combining SAST and SCA analysis in the IDE, can address issues holistically as they code, saving time and increasing productivity so they can deliver secure, high-quality software faster.
  • OpenChain - Reducing Risk and Friction in the Supply Chain Recorded: Aug 20 2020 63 mins
    Andrew Katz, Moorcrofts & Matt Jacobs, Synopsys
    OpenChain standardizes license compliance requirements around the use of open source software in the supply chain. Customers purchasing from an OpenChain-compliant company know that the software has been developed in line with a set of documented and tested procedures and that all the relevant metadata (SBOMs and compliance notices) is available. So what does that mean for you?

    Join us for a live webinar to learn why companies like Scania (Volkswagen group), Cisco, ARM, Facebook, Uber, Google, Microsoft, Sony and Qualcomm rely on OpenChain. We’ll cover:

    • The history of OpenChain, steps to compliance and overall benefits
    • How OpenChain scales, and works for companies large and small
    • What happens when the 2.1 specification becomes an ISO standard in September 2020

    Don’t miss this informative webinar. Register today.
  • The DoS goes loop-di-loop Recorded: Aug 13 2020 50 mins
    Allon Mureinik, Senior Manager, Synopsys
    Do you know the common ways Node.js applications may be vulnerable to denial-of-service attacks?

    The single-threaded nature of Node.js makes it very susceptible to DoS attacks. While the Node.js event loop allows you to perform some operations asynchronously, it’s still quite easy to write a vulnerable Node.js application by making a few simple mistakes.

    In this talk, Allon will cover some common ways a Node.js application may be vulnerable to DoS attacks and some common best practices and countermeasures to defend against such attacks.
  • Threat Modeling: A Synopsys Approach Recorded: Aug 12 2020 57 mins
    Chandu Ketkar, Director Security Architecture Practice and Andre Joseph, Principal Consultant at Synopsys
    Including threat modeling early in the software development process can ensure your organization is building security into your applications. For applications that are further along in development or currently launched, it can help you pinpoint the need for additional security testing.

    Threat modeling identifies the types of threats that are applicable in the context of the application and its environment. Knowledge of such threats, along with their likelihood and impact, enables us to secure our design in anticipation, identify security requirements early, and inform downstream security testing.

    There are many threat modeling approaches out there. In this webinar, we provide insights into Synopsys’ threat modeling approach, which has evolved as we’ve conducted threat assessments for various types of applications for our clients.
  • The State of Open Source with Synopsys and Red Hat Recorded: Aug 11 2020 57 mins
    Tim Mackey, Principal Security Strategist at Synopsys & Gordon Haff, Technology Evangelist at Red Hat
    The adoption of open source continues to grow rapidly, both in market share and in its strategic importance to businesses. Understanding how organizations use open source and do so in a way that minimizes risk is therefore essential to both an overall IT strategy and cyber security response plans. These are among the topics we’ll investigate in this joint webinar from Red Hat and Synopsys. Drawing from Red Hat’s “The State of Enterprise Open Source” report, technology evangelist Gordon Haff will explain why IT decision makers value open source so highly and the processes that commercial open source vendors put in place to protect their customers from vulnerabilities.

    At the same time, changing development practices and escalating threats mean that security remains a concern with respect to open source software, as it is for IT more broadly. Tim Mackey, Principal Security Strategist from Synopsys will walk through findings from the Synopsys “2020 Open Source Security and Risk Analysis” report with an eye on how teams can use the data to inform their overall open source governance plans.

    We’ll close with some practical advice about getting the most value from open source software while keeping your organization safe.
  • 5 Steps to Integrate SAST into the DevSecOps Pipeline Recorded: Aug 5 2020 60 mins
    Meera Rao, Senior Director Product Management, Synopsys
    Even software with a solid architecture and design can harbor vulnerabilities, whether due to mistakes or shortcuts. But limited security staff don’t have the resources to perform code reviews and provide remediation guidance on the entire application portfolio. Static analysis, also known as static application security testing (SAST), is an automated way to find bugs, back doors, and other code-based vulnerabilities so the team can mitigate those risks.

    First, though, you must choose a static analysis model that fits your needs. You might have questions such as these:
    - How do I manage false positives?
    - How do I triage the results?
    - What happens to new issues identified?
    - My scan takes hours to complete. How can I use this tool in my DevSecOps pipeline?
    - What is a “baseline scan”?

    Join us as we walk you through the challenges and benefits of integrating a SAST tool into your DevSecOps pipeline and how we’ve helped other organizations with this process.
  • Developing a COVID-19 track and trace app – through the lens of Synopsys Recorded: Jul 30 2020 45 mins
    Ian Ashworth and Bhavin Shah
    Adversaries continuously evolve their behaviours and defenders must respond accordingly. Governments around the world are striving to supplement manual tracing efforts with the adoption of a "Track and Trace" mobile application to help prevent further spread of COVID-19 and regain healthy levels of economic activity. In this short interactive session, Synopsys will discuss the topic as seen through their "security eyes" and with some key takeaways:

    • How to develop applications at speed and remain security-aware?
    • What security measures are considered essential when building any mobile application?
    • Where is your data being recorded and used? Does this feel too much like Big Brother is watching your every move?
    • How can Synopsys support you through your own software development lifecycle?

    This session will run for 35 minutes followed by a 10-minute Q&A session.
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.
