What You Need to Know about Software Due Diligence

There’s risk in any M&A transaction but having the right software due diligence approach can help mitigate that risk. If software is a large part of the deal, understanding the legal, security, code and design quality risks in the target’s codebase is key. Do you know the right questions to ask?

Join this live Synopsys webinar to create or tweak your due diligence playbook. We’ll cover:

• Understanding the software due diligence landscape
• The risks to look out for (and why)
• What questions to ask in the process
• How to choose the right audit partner

Don’t miss this informative webinar. Register today!
Live online Mar 24 4:00 pm UTC
or after on demand 60 mins
Presented by
Phil Odence, GM Black Duck Audits, Synopsys
  • Financial Services Study Shows Why Investing in AppSec Matters Jun 17 2021 3:00 pm UTC 34 mins
    Drew Kilbourne and Larry Ponemon
    If you’re a provider of financial services, then client trust, privacy, and risk management are critical to your success. Therefore, you must protect your organization’s sensitive data from cyber attacks and data breaches. A recent survey of current software security practices in the financial services industry explores the industry’s software security posture and its ability to address security-related issues.

    In this webinar, Drew Kilbourne, managing director, Synopsys, and Larry Ponemon, chairman, Ponemon Institute, will review findings from the report and discuss what they mean for the industry at large. Here’s a preview of some key findings:

    - 56% of organizations had experienced an attack resulting in system failure and downtime.
    - 74% were concerned about security vulnerabilities introduced by third-party suppliers, but less than 43% said they require third parties to adhere to cyber security requirements.
    - Only 34% of financial applications are tested for vulnerabilities, and only 25% of respondents were confident in their ability to detect vulnerabilities before going to market.
  • Time is Money - Interactive Application Security Testing at DevOps Speed May 20 2021 4:00 pm UTC 39 mins
    Scott Tolley, Application Security Specialist, Synopsys and Amit Sharma, Application Security Evangelist, Synopsys
    Would you like to find out more about Interactive Application Security Testing (IAST), a new category of AppSec born in the age of DevOps?

    Join Scott Tolley & Amit Sharma (Application Security Specialists) as they discuss how to bridge the gap from DevOps to DevSecOps, without slowing everything down.

    Agenda:
    Application Security trends and challenges in moving from DevOps to DevSecOps
    Introducing IAST and Seeker
    Product Demonstration
    Q&A - come prepared with your questions and we’ll answer live on the webinar.
  • Part 4: Automate the Initiation and Management of Out-of-Band AppSec Activities May 5 2021 12:00 pm UTC 45 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    The final part in the webinar series provides real-world guidance on how to balance application security activities, including both those that are automated and run inline in your CI/CD pipelines, and the out-of-band activities that are traditionally executed manually. Implementing security gates at strategic places in the CI/CD pipeline to break the build when critical and high vulnerabilities are found keeps teams informed and reduces communication overhead. Just as there must be continuous integration, continuous delivery, and continuous deployment, there also must be continuous collaboration, and continuous communication across development, security, and operations teams.
  • Is IAST the Next Big Thing in AppSec? Apr 22 2021 4:00 pm UTC 60 mins
    Kimm Yeo & Asma Zubair, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this live Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices and serverless computing
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
  • Part 3: Reduce the Burden on Developers With Automation Apr 15 2021 1:00 pm UTC 45 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    Developers are often taught to emphasize functionality over security, and many developers aren’t security experts. For this reason, it’s crucial to ensure they stay aware of the risks of vulnerable code. But training materials are often static and inconvenient to access, using the internet for guidance isn’t consistent or reliable, and remediation advice from tools isn’t necessarily project-aware or product-specific. And unfortunately, security experts are often seen as an impediment to business goals, and they may not be experienced developers. The third part of the webinar series covers developer enablement and avoiding defect management overload.
  • What You Need to Know about Software Due Diligence Mar 24 2021 4:00 pm UTC 60 mins
    Phil Odence, GM Black Duck Audits, Synopsys
    There’s risk in any M&A transaction but having the right software due diligence approach can help mitigate that risk. If software is a large part of the deal, understanding the legal, security, code and design quality risks in the target’s codebase is key. Do you know the right questions to ask?

    Join this live Synopsys webinar to create or tweak your due diligence playbook. We’ll cover:

    • Understanding the software due diligence landscape
    • The risks to look out for (and why)
    • What questions to ask in the process
    • How to choose the right audit partner

    Don’t miss this informative webinar. Register today!
  • Part 2: Common Challenges of Operationalizing Integration Mar 24 2021 1:00 pm UTC 45 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    In this second part of the webinar series, learn how to build security tools into a continuous integration/continuous delivery pipeline. Topics covered include:
    • How can you ensure that release cycles are not slowed down?
    • How should you manage false positives?
    • How do you satisfy compliance needs?
  • Why SAST and SCA Together Are Better, Faster, Stronger Mar 18 2021 5:00 pm UTC 42 mins
    Utsav Sanghani, Senior Product Manager, Staff, Synopsys
    Static application security testing (SAST) is critical for uncovering and eliminating issues in proprietary code. However, over 60% of the code in an average application today is composed of open source components. SAST isn’t designed to find open source vulnerabilities (CVEs) or identify open source licenses. And manually maintaining a repository of approved open source components for developers is inefficient and time consuming. That’s where software composition analysis (SCA) comes in.

    Join a Synopsys expert as he explores the benefits of bringing SAST and SCA together. He’ll explain why using an SCA tool to scan open source dependencies is as imperative to a software development strategy as using SAST to test proprietary code. He’ll also demonstrate how developers, by combining SAST and SCA analysis in the IDE, can address issues holistically as they code, saving time and increasing productivity so they can deliver secure, high-quality software faster.
  • Improve your security posture with IAST Mar 18 2021 4:00 pm UTC 58 mins
    Vishwas Sharma, Senior Sales Engineer, Synopsys
    Application security testing has become more prevalent, leading to the need for more effective tools in the software development life cycle (SDLC). SAST, DAST, and penetration testing (pen testing) usually work well in legacy software development environments. However, with the emergence of new technologies and practices such as containers, microservices, and DevOps, these traditional tools struggle to keep up with the fast pace of modern application delivery.

    Join us as we discuss the benefits of Synopsys' award-winning Seeker IAST and how it fits into DevSecOps:

    • Complements IAST with SAST and DAST methods by enabling IDE and CI/CD integration, making it a true DevSecOps solution.
    • How IAST helps the pen-testing or pre-production teams perform one final test before they sign off the application for end use.
    • How IAST enables security teams to secure your web apps before they are at risk of costly data breaches.
  • Why SAST and SCA Together Are Better, Faster, Stronger Mar 18 2021 9:00 am UTC 42 mins
    Utsav Sanghani, Senior Product Manager, Staff, Synopsys
    Static application security testing (SAST) is critical for uncovering and eliminating issues in proprietary code. However, over 60% of the code in an average application today is composed of open source components. SAST isn’t designed to find open source vulnerabilities (CVEs) or identify open source licenses. And manually maintaining a repository of approved open source components for developers is inefficient and time consuming. That’s where software composition analysis (SCA) comes in.

    Join a Synopsys expert as he explores the benefits of bringing SAST and SCA together. He’ll explain why using an SCA tool to scan open source dependencies is as imperative to a software development strategy as using SAST to test proprietary code. He’ll also demonstrate how developers, by combining SAST and SCA analysis in the IDE, can address issues holistically as they code, saving time and increasing productivity so they can deliver secure, high-quality software faster.
  • The Changing Dynamics of AppSec, and Key Lessons You Can Learn Mar 10 2021 6:00 am UTC 63 mins
    Ian Hall, Head of Client Services, APAC, Synopsys
    AppSec is continually evolving as new technologies come to the fore. Just as cloud has now become ubiquitous, orchestration for containers is also taking hold. How you secure those technologies is important, as is who is responsible for leading those efforts and the tools they leverage to do that.

    In this panel discussion, we will identify and analyse some key recent trends in AppSec as well as the emerging activities that organizations are doing to protect themselves and their data.
  • International Women's Day - Choose to Challenge Mar 8 2021 8:00 pm UTC 60 mins
    Deirdre Hanford, Meera Rao, Niyati Shah, Moderated by: Michael Borohovski
    In celebration of International Women’s Day, Synopsys is presenting a talk featuring a panel of strong women: Chief Security Officer Deirdre Hanford, Senior Director of Product Management Meera Rao, and Product Marketing Manager Niyati Shah. They will take questions about navigating gender diversity and women’s empowerment, and share insights on their experiences. Join us in celebrating and recognizing International Women’s Day. For each attendee, Synopsys will donate $5 to Girls Who Code.
  • International Women's Day - Choose to Challenge Mar 8 2021 10:00 am UTC 45 mins
    Caroline Barker-Littley, Head of EMEA Demand Generation Marketing
    In celebration of International Women’s Day, Synopsys' leaders are presenting a webcast featuring Ilona Herbent, Senior Manager CSM; Molka Elleuch, Cybersecurity Engineer; and Per-Olof Persson, Strategic Security Evangelist at Synopsys. They will take questions about how they #ChooseToChallenge and women’s empowerment, and share insights on their experiences. Join us in celebrating and recognising International Women’s Day. For each attendee, Synopsys will donate $5 to Girls Who Code.
  • DevSecOps Practices and Open Source Management Mar 3 2021 7:00 pm UTC 60 mins
    Tim Mackey, Principal Security Strategist for CyRC
    The Synopsys Cybersecurity Research Center (CyRC), in partnership with Censuswide, an international market research consultancy, conducted a survey of 1,500 IT professionals to analyze the tools and processes organizations are employing to integrate open source management into their DevOps practices. The findings highlight some of the challenges organizations face as the pressure for velocity while building secure, high-quality applications forces DevOps teams to integrate and automate tools and processes effectively.

    Join Tim Mackey, principal security strategist for CyRC, as he examines the findings from the survey and provides recommendations for teams looking to optimize open source management in their DevOps environment. Topics include:

    · The maturity of DevOps adoption and its core challenges
    · The core tools being adopted by teams and how best to use them and when
    · How open source policies are being adopted, enforced, and managed
    · Key strategies for mitigating open source security risk without impacting software delivery schedules
  • 5 Steps to Start Your Software Security Initiative Mar 3 2021 12:00 pm UTC 57 mins
    Eli Erlikhman, Managing Principal, Synopsys
    It's 2021, and secure software isn't just a nice-to-have; it's a need-to-have. If you don't already have a plan for your program, it's time for you to build one.

    The Building Security In Maturity Model (BSIMM) can help you measure and understand current levels of success, weakness, and maturity of your organization’s software security program. BSIMM allows CISOs and other security executives to compare data against their industry peers and pinpoint specific areas of need in their own AppSec programs.

    In this Synopsys webinar, we’ll outline five components to jumpstart an AppSec program, helping you understand how to:

    - Put the “Sec” in DevOps
    - Deploy automation in your software delivery pipeline
    - Modernize software delivery practices, such as: cloud, containers, orchestration, etc.
    - Establish a security satellite within engineering teams
    - Detect and respond to real-time security events
  • 5 Steps to Start Your Software Security Initiative Recorded: Mar 2 2021 57 mins
    Denis Sheridan, Managing Principal
    The Building Security In Maturity Model (BSIMM) can help you measure and understand current levels of success, weakness, and maturity of your organization’s software security program. BSIMM allows CISOs and other security executives to compare data against their industry peers and pinpoint specific areas of need in their own AppSec programs.
    In this session, we’ll outline five components to jumpstart an AppSec program, helping you understand how to:
    • Put the “Sec” in DevOps
    • Deploy automation in your software delivery pipeline
    • Modernize software delivery practices, such as: cloud, containers, orchestration, etc.
    • Establish a security satellite within engineering teams
    • Detect and respond to real-time security events
  • The Evolution of IAST: Building Security Into Testing Recorded: Feb 25 2021 57 mins
    Featuring Sandy Carielli, Principal Analyst, Forrester & Kimm Yeo, Product Marketing Manager, Synopsys
    Interactive application security testing (IAST) is evolving quickly to become a key DevSecOps tool used to build continuous application security into today’s modern but increasingly complex software ecosystem.

    There’s a growing demand for and shift toward complex composite-based apps, but they involve multiple dev teams as well as new technologies such as microservices, serverless, containers, and mixed deployment approaches (cloud, containers). How do you secure your web, cloud, and microservices applications? How do you balance the speed, quality, and innovation that your customers are demanding today?

    Join this live Synopsys webinar to learn why organizations are looking into alternative dynamic security testing solutions, and why next-generation tools such as IAST are here to stay. In this webinar, learn about:

    • Trends in the latest Forrester IAST survey data
    • Developments in continuous testing, test automation, and DevSecOps
    • The role of IAST in testing and reporting

    Don’t miss this informative webinar. Register today.
  • Illustrating the rationale for DevSecOps: A real-world example Recorded: Feb 24 2021 59 mins
    Meera Rao, Senior Director Product Management, Synopsys
    When presenting the rationale for a new cultural practice such as DevSecOps, the first question from leadership tends to be along the lines of “where are the savings coming from?” With that in mind, there are four pillars of DevSecOps where we can emphasize efficiency as it aligns with a return on investment: strategy, people, process, and technology.
  • Give Developers Earlier Feedback to Identify Security Issues Recorded: Feb 24 2021 44 mins
    Ashutosh Kumar, Product Marketing Manager, Staff, Synopsys; James Croall, Director, Technical Product Management at Synopsys
    As part of your DevSecOps strategy, it’s important to implement security tools that help your developers and don’t slow them down. Coverity static application security testing (SAST) provides a developer-centric approach to security testing that aids adoption and helps your development teams write high-quality secure code, without having to be security experts. With SAST tools such as Coverity, developers can get early feedback and identify security issues as they code within their IDE. Coverity can also be seamlessly integrated into different stages of your CI/CD pipelines, which can help automate SAST scans for your needs.
    In this webinar, we’ll cover:
    - Evolving developer needs and best practices for AppSec integration into development workflows
    - How Coverity helps developers get early feedback on security and quality issues in their code with our Code Sight IDE plugin and integrated eLearning courses
    - How Coverity can be seamlessly integrated into your CI/CD pipeline to automatically trigger scans with every pull request, serve as a security gate on the build server, create issue tickets, and more
  • Part 1: Integration of Automated Security Tools in CI/CD Pipelines Recorded: Feb 23 2021 60 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    Development organizations continue to implement security earlier in the continuous integration/continuous delivery (CI/CD) pipeline. And the benefits of integrating application security (AppSec) tools in the CI/CD pipeline increase the further you shift left in the process. But software security group leaders need to know where AppSec tools should go in the CI/CD workflow, as well as their purposes in different phases. This first part of the webinar series answers some essential questions:

    • How do you pick the right application security tools for your CI/CD pipeline?
    • Where should you integrate your tools in the pipeline?
    • How should you configure the tools?

    This is the first in a four-part series.
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.
