
Is Your Software Supply Chain a Security Mystery?

One of the biggest challenges companies face with third-party software is lack of visibility into the vulnerabilities it introduces in their codebase. There have been major security breaches attributed to exploits of vulnerabilities in the open source frameworks used by Fortune 100 companies in education, government, financial services, retail, and media.

These incidents highlight the need for organizations to carefully manage their supply chain, including the open source code in the third-party and commercial software they use. The goal is to protect themselves—and their customers—from the consequences of catastrophic security breaches.

This session explores:
1) How to make your supply chain more resilient to open source and commercial third-party code risks
2) The types of risks faced by organizations as consumers and producers of software
3) The types of activities organizations should be performing to secure the supply chain
4) The tools, services, and frameworks available to help you get started
Recorded Jun 16 2021 58 mins
Presented by
Ian Hall, Head of Client Services, APAC
  • Managing open source security risk: Lessons from the OSSRA report Jan 12 2022 7:00 pm UTC 47 mins
    Mike McGuire, Product Marketing Manager at Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and 60% contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this live Synopsys webinar as we explore the findings of our 2021 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

    • What it means to manage your open source usage
    • Why you need an accurate inventory of open source components
    • How to prioritize the vulnerabilities to fix
    • Where to integrate testing into your SDLC

    Don’t miss this informative webinar. Register today.
  • Managing open source security risk: Lessons from the OSSRA report Jan 12 2022 10:00 am UTC 47 mins
    Mike McGuire, Product Marketing Manager at Synopsys
  • Benefits of an SBOM Across the Software Supply Chain Dec 8 2021 7:00 pm UTC 60 mins
    Dr. Allan Friedman, Cybersecurity and Infrastructure Security Agency & Phil Odence, Synopsys
    Software is everywhere. And for organizations dependent on software, understanding and managing the software supply chain is vital. Changes to your software supply chain may have ripple effects for your business. How do you manage that?

    Join us for this Synopsys webinar to learn why a software Bill of Materials (SBOM) is an important tool in managing your software supply chain. We’ll cover:

    • What an SBOM is and what role it plays in the supply chain
    • How to efficiently manage the software supply chain
    • What happens when something goes wrong with a link in the chain

    Don’t miss this informative webinar. Register today.
  • That's Not How This Works - All Development Should Be Secure Development Dec 2 2021 11:00 am UTC 52 mins
    Jonathan Knudsen, Senior Security Strategist
    All Development Should Be Secure Development
    Development teams are pressured to push new software out quickly. But with speed comes risk. Anyone can write software, but if you want to create software that is safe, secure, and robust, you need the right process. Register for this webinar to learn:
    - Why traditional approaches to software development usually end in tears and heartburn
    - How a structured approach to secure software development lowers risk for you and your customers
    - Why automation and security testing tools are key components in the implementation of a secure development life cycle
  • Your Developers Aren’t Security Experts - But They Can Be With the Right Tools Nov 25 2021 6:00 am UTC 52 mins
    Patrick Carey, Director Product Marketing, Synopsys and Sandy Carielli, Principal Analyst, Forrester Research, Inc.
    Securing your applications is critical, but maintaining release velocity and developer productivity is just as important. Let’s face it: Developers aren’t security experts. They unwittingly introduce security weaknesses and vulnerable open source components into your applications, and they’re ultimately responsible for fixing any issues that surface. But what if you could equip developers with the tools and information they need to prevent security issues from ever making it into your codebase, without creating unnecessary friction or slowing them down?

    Join guest presenter Sandy Carielli, Principal Analyst, Forrester Research, Inc., and Patrick Carey, Synopsys, as they discuss the benefits of IDE-based security testing and the role developers can play in securing your applications.
  • Automate the Initiation and Management of Out-of-Band AppSec Activities Nov 23 2021 6:00 pm UTC 54 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    Implementing security gates at strategic places in the CI/CD pipeline to break the build when critical and high vulnerabilities are found keeps teams informed and reduces communication overhead. Just as there must be continuous integration, continuous delivery, and continuous deployment, there also must be continuous collaboration, and continuous communication across development, security, and operations teams.
    Listen in as DevOps guru Meera Rao provides real-world guidance on how to balance application security activities, including both those that are automated and run inline in your CI/CD pipelines and the out-of-band activities that are traditionally executed manually.
  • BSIMM12: Metrics Driven Software Security Nov 23 2021 9:00 am UTC 42 mins
    Jacob Ewers, Principal Consultant at Synopsys
    The past two years have delivered major disruptions for supply chains. In 2020 alone, supply chain disruptions were up 67%. If you find yourself fielding questions on what else your AppSec program is doing to keep the organization secure, this may be why. How you respond to those questions matters. While people like to hear you’re doing more, more isn’t better unless it’s done at the right time and place.

    This upcoming webinar talks about the Building Security in Maturity Model (BSIMM) and how it measures your security program. With real data, you can have real conversations about what’s happening and what needs to be done. Tune in to hear how your peers are:

    • Learning how to translate risk into actionable data
    • Increasing their security capabilities for open source, cloud, and container security
    • Lending security resources, staff, and knowledge to DevOps practices
  • Implementing SAST into your SDLC: What to look for & what to consider Nov 18 2021 11:00 am UTC 51 mins
    Rob Haines, Senior Sales Engineer, Synopsys
    So you’ve decided (or been told) that you need to implement SAST in your software development process. But SAST is not a one-size-fits-all solution, and implementation often requires a compromise between technology, time, process, and people—especially people. In this webinar, we’ll look at common objections and pitfalls that you might encounter along the way.

    We'll cover:
    • Considerations for implementing SAST
    • Importance of the process (getting a good return on your investment)
    • Characteristics to look for in tools
  • Application Security and M&A: Minimizing Security Risk Nov 17 2021 7:00 pm UTC 60 mins
    Pooja Garg & Phil Odence, Synopsys
    Today’s software is often compiled using a combination of proprietary and open source code, and not all developers build security into that process. If you’re acquiring a company for its software, you should understand if there is anything in that software that can be exploited.

    Join this live webinar to get an understanding of the software development process and how security vulnerabilities can impact M&A. We’ll cover:

    • Application security 101
    • Why security matters in M&A
    • Strategies for understanding and minimizing security risks

    Don’t miss this informative webinar. Register today.
  • Application security risks in FSI by the numbers Nov 17 2021 10:00 am UTC 53 mins
    Mike McGuire, Product Marketing Manager, Synopsys
    We trust that financial applications and software are secure because of the sensitive nature of the information they manage and contain. But based on the numbers, we should be very concerned.

    Join us for this live Synopsys webinar to get an inside look at how prevalent mobile application security and open source risks are today, and the steps you can take to become more secure. We’ll cover:

    • Report methodology and findings for FSI
    • The types of risks to be aware of
    • What the numbers mean for security teams
    • Strategies to reduce AppSec risks
  • Remote Security Testing & Training: Busting Myths and Offering Solutions Nov 11 2021 6:00 am UTC 63 mins
    Sandesh Mysore Anand, Managing Consultant at Synopsys and Rakshitha R Rao, Security Consultant at Synopsys
    While digital transformation and BYOD have allowed many IT activities to occur remotely, many enterprises still prefer to perform security testing on-site. Concerns about data security, network/application accessibility, assessment quality and project management have discouraged teams from making the leap. In this webinar, we leverage lessons learned from many years of delivering Managed Application Security Services to provide guidelines on addressing these concerns and offer solutions on how to conduct remote security testing and security training.
  • 2021 OSSRA Report: Open Source Trends, Risks & Management Nov 10 2021 7:00 pm UTC 59 mins
    Tim Mackey, Principal Security Strategist, Synopsys
    The 2021 Open Source Security and Risk Analysis report (OSSRA) looks at the state of open source use in over 1,250 distinct applications created by organizations in 17 industries. The use of open source continues to grow and businesses of all sizes are now powered by open source software. If left unmanaged, open source may introduce security, quality, and license compliance risks. Are you ready to take control of your open source?

    Join us for this live Synopsys webinar to get a look at our 2021 report results and learn how teams can use the data to inform their overall open source governance plans. We’ll cover:

    • Why open source governance matters
    • The latest trends in open source usage
    • Open source management strategies

    Don’t miss this informative webinar. Register today.
  • Testing security of micro-services, APIs and cloud-native apps Nov 10 2021 5:00 pm UTC 52 mins
    Ainsley Braun, Product Director, Synopsys and John Salomon, Director Continental Europe, Middle East, & Africa FS-ISAC
    How are you security testing APIs, web services, and cloud-native applications? Are you able to test application security without impacting efficiency? Do you have sufficient visibility into sensitive data that your applications handle?

    In this session we will be joined by guest speaker John Salomon from FS-ISAC to discuss ways of ensuring that your security testing is developer friendly, and that your insight into application vulnerabilities and remediation guidance meets your organization’s risk appetite. We will go over ways of ensuring fast, relevant contextual training and efficient remediation of detected vulnerabilities.
  • 2021 OSSRA Report: Open Source Trends, Risks & Management Nov 10 2021 10:00 am UTC 59 mins
    Tim Mackey, Principal Security Strategist, Synopsys
  • What is Application Security Orchestration and Correlation Nov 4 2021 6:00 pm UTC 60 mins
    Adrian Acuna, Senior Sales Engineer
    On average, an organization uses at least 11 different AppSec tools throughout its SDLC. If you’re overwhelmed by findings or feel like you’re getting lost in the data, an application security orchestration and correlation (ASOC) tool is for you. ASOC tools empower you to speed up the AppSec process without sacrificing quality.

    In this webinar, Adrian Acuna provides essential background on this emerging technology and how it can benefit you. Topics covered include:

    - What ASOC is and isn’t
    - How ASOC improves efficiency across the SDLC
    - Why this is worth the investment
  • Find More Bugs by Detecting Failure Better Nov 4 2021 11:00 am UTC 54 mins
    Jonathan Knudsen, Senior Security Strategist
    Software can fail in many ways, including process crashes, infinite loops, memory leaks, data leakage, corruption, unexpected behavior, and more. Part of the challenge of fuzz testing is accurately detecting when failure occurs.

    The Defensics fuzzer uses various types of instrumentation to detect failures. A spectrum of instrumentation techniques is available, ranging from simple black box approaches that can catch process crashes and hangs, to deeper types of instrumentation that can detect subtler failure modes.

    This webinar describes the instrumentation techniques that are built into Defensics. You’ll learn how Defensics makes it easy to detect a wide variety of software failures, how Defensics can be extended to any type of instrumentation you can imagine, and how an agent framework makes it easy to detect failures by running specialized agents alongside your software target.
  • Future-Proofing Digital Transformations Nov 2 2021 6:00 pm UTC 63 mins
    Anil Bhat, VP of Platform Transformation, MetricStream and Lekshmi Nair, Managing Principal, Synopsys
    Enterprises are redefining their key success factors and long-term ambitions while considering volatility, scalability, and resiliency. As a result, digital transformation has jumped multiple notches up the C-suite agenda. Is digital transformation just about introducing more technology and developing a digitally literate workforce? Are we prepared enough to address eventualities arising out of diminishing perimeters and distributed data storage? Are organizations ready to accept identity and context as the new perimeter, rather than the traditional data centers?

    Join this informative discussion to learn about critical components you should consider in “future proofing” your digital transformation journey. The session will outline a practical framework that implementors can adopt to look at the entire lifecycle of data and implement appropriate safeguards and controls.

    These include:

    • Compliance considerations for digital transformation.
    • Remodeling your application security framework to add data security considerations
    • Sustainable and repeatable system engineering practices to S-digitization
    • Secret management considerations for systems engineering
  • Cracking the Code of DevSecOps Oct 28 2021 6:00 pm UTC 60 mins
    Dave Gruber, Senior Analyst, Enterprise Strategy Group and Patrick Carey, Director Product Marketing, Synopsys
    Digital transformation initiatives are forcing development teams to make tough decisions. They have to make tradeoffs between feature velocity and managing application security risk. Developers may lack the knowledge to address the risks they’re aware of, and adding security tools often adds friction to their workflows. A new approach is needed to meet the demands of modern application development.

    Join us for this webcast with Enterprise Strategy Group (ESG) to learn about:

    - How DevOps and automation are changing application security landscape
    - What challenges teams face when automating their AST tools
    - How a new approach to DevSecOps can address these challenges
    - What your team can do to make your DevSecOps initiative successful
  • How To Make Fuzz Testing Work For You? Oct 28 2021 5:00 pm UTC 60 mins
    Dr. Dennis Kengo Oka, Principal Automotive Security Strategist & Rikke Kuipers, Senior Product Manager Defensics, Synopsys
    Telematic units and infotainment systems often have undetected issues. Fuzz testing is a proven way to detect these vulnerabilities in automotive systems. In our webinar “How to Make Fuzz Testing Work for You,” you’ll learn how to collect data to identify exceptions from the system under test and what’s causing them.

    Automotive and fuzzing experts Dr. Dennis Kengo Oka and Rikke Kuipers cover:

    - Challenges related to fuzzing automotive components
    - The agent instrumentation framework
    - Ways to detect previously undetectable exceptions
  • How To Make Fuzz Testing Work For You? Recorded: Oct 28 2021 51 mins
    Dr. Dennis Kengo Oka, Principal Automotive Security Strategist & Rikke Kuipers, Senior Product Manager Defensics, Synopsys
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.
