Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

When should we worry about OSS in our suppliers’ software? How should we address OSS when we provide software, SaaS, or other cloud services? Is copyleft truly “viral,” and what should we do about it? This one-hour webinar debunks myths surrounding open source software (OSS) and explains how to address it in tech contracts. Topics include

• The nature of open source software
•	Myths and realities of copyleft OSS
•	Typical IT contract terms and how they address OSS
•	OSS legal compliance

Don’t miss this informative webinar. Register today.

The speaker, David W. Tollen, is one of the industry’s leading authorities on software licenses and cloud computing agreements. He is the author of the American Bar Association bestseller, “The Tech Contracts Handbook: Cloud Computing Agreements, Software Licenses, and Other IT Contracts for Lawyers and Businesspeople.” He’s an attorney and expert witness, and he teaches at UC Berkeley Law School. He also trains businesspeople and lawyers on IT contract drafting and negotiation through his company, Tech Contracts Academy (www.TechContracts.com). He practices law with Sycamore Legal PC in San Francisco (www.SycamoreLegal.com).

OSS in IT Contracts: Buying & Selling Under the Shadow of Copyleft and More

The past couple of years have seen major changes in the way applications are developed, deployed—and secured. They should accommodate these changes too. Are conventional security controls like SAST, DAST and pen test catering to the changing technology landscape? Do your existing controls support the new OWASP Top 10 requirements? Join us to hear from industry leaders about
 
· How the product security program should be modeled to cater to the new technology landscape
 
· Whether conventional approaches of securing software in the coding and testing phase meet the new OWASP Top 10 requirements
 
· What security controls are required in an end-to-end product life cycle

AppSec & the OWASP Top Ten 2021

The right application security orchestration and correlation (ASOC) tool automates time-consuming application security workflows and makes software security risks visible across the SDLC at DevOps speed. Code Dx provides you with the transparency and visibility needed to bring accountability to the application security process.

In this webinar, Adrian Acuna demonstrates how Code Dx
- Filters out noise using machine learning to prioritize fixes
- Tracks all testing and remediation activities in a system of record
- Provides continual situation awareness with “single page of glass” visibility

See An ASOC Tool In Action

Software is everywhere. And for organizations dependent on software, understanding and managing the software supply chain is vital. Changes to your software supply chain may have ripple effects for your business. How do you manage that?

Join us for this Synopsys webinar to learn why a software Bill of Materials (SBOM) is an important tool in managing your software supply chain. We’ll cover: 

• What an SBOM is and what role it plays in the supply chain
• How to efficiently manage the software supply chain
• What happens when something goes wrong with a link in the chain

Benefits of an SBOM Across the Software Supply Chain

Cyber security is crucial for organizations in the automotive industry—it's vital to perform cyber security testing activities throughout the development process. For example, fuzz testing can help detect unknown vulnerabilities in the product. Further, automating fuzz testing helps organizations detect vulnerabilities more effectively earlier in the development process.

In this webinar, Dr. Dennis Kengo Oka outlines a practical step-by-step guide to building fuzz testing into the continuous integration pipeline using the Zephyr Project RTOS as an example.

Key topics include

- Identifying the target communication protocols to test
- Defining fuzz testing strategies
- Executing fuzz testing on a continuous basis

A Practical Guide to Fuzz Testing Embedded Software in a CI Pipeline

Apache Log4j is a broadly used open source component within the Java community, making its recent zero-day vulnerability a major fire drill for countless development teams. As development teams scramble to find and patch the issue, due diligence teams are left wondering if the software they’re about to acquire is secure and how they can know for sure. 

Join Synopsys for a live webinar that explores why security vulnerabilities like Log4j introduce risk into a transaction, and what security audits can uncover in due diligence. We’ll cover

• Why it’s critical to uncover security risks
• What a security audit can teach you beyond vulnerability identification
•	Best practices for software due diligence

Don’t miss this informative webinar. Register today.

Log4j, Security Risks, and M&A: Identifying Software Risk in Deals

Adam is a BSIMM assessor and has participated in many BSIMM measurements with Synopsys, also as a proponent of software security initiatives and has presented on that topic in several public forums with positive responses.

Adam has been a with Synopsys for six years, working briefly as a Sales Engineer with SIG products then taking on a Regional Sales Manager Role for two years where he consistently exceeded his target. Currently working as a Managing Consultant with the software security consulting team in London, in addition to measurements, Adam helps organisations daily with software security activities, be that architecting solutions to best fit their risk and needs or partnering with them to orchestrate delivery of Synopsys’ services.

Listen to our presentation and discover what activities are essential for building a successful SSI and what steps can be taken to drive a successful security program.

The Ultimate Guide: Reduce risk with your Software Security Initiative

Whether you’re fighting a fire or mitigating a zero-day open source vulnerability, the response is important but it’s not the only factor. How you prepare, prevent, and improve from one situation to the next is just as if not more important. Log4j is the latest high-profile breach, but it won’t be the last. In fact, more than 500 vulnerabilities have been disclosed since CVE-2021-4228.

Effective open source risk management is the key to staying ahead of the next open source zero-day vulnerability, as well as the countless other vulnerabilities and conflicts that arise on a daily basis. This webinar explores 

- The importance of understanding your organization’s unique risk tolerance
- How to transform an open source risk profile into an actionable program
- Ways to support an efficient program with the necessary people, processes, and tools

Log4j and Beyond: How to Survive Open Source Zero-Days

AppSec teams often struggle to keep up with the rapid code releases produced by DevOps teams. Testing falls behind as development speeds up. Since slowing down development to suit security isn’t an option, what do you do? You centralize testing across development pipelines into a scalable, repeatable, and automated process.  This allows security to move at the speed of DevOps. 

Listen as Adrian Acuna discusses six ways an application security orchestration and correlation (ASOC) tool can benefit you. We'll cover:

- Why organizations continue to struggle with AppSec tool findings
- How centralized management and standardization of results helps everyone
-	What ASOC actually does to support security AND development

6 Ways to Improve AppSec Accountability

On average, an organization uses at least 11 different AppSec tools throughout its SDLC. If you’re overwhelmed by findings or feel like you’re getting lost in the data, an application security orchestration and correlation (ASOC) tool is for you. ASOC tools empower you to speed up the AppSec process without sacrificing quality.

In this webinar, Adrian Acuna provides essential background on this emerging technology and how it can benefit you. Topics covered include

- What ASOC is and isn’t
- How ASOC improves efficiency across the SDLC
- Why this is worth the investment

What is Application Security Orchestration and Correlation

Gain insights into important legal developments from two of the leading open source legal experts, Mark Radcliffe, partner at DLA Piper and general counsel for the Open Source Initiative, and Tony Decicco, shareholder at GTC Law Group & Affiliates.

This annual review will highlight the most significant legal developments related to open source software in 2021. We’ll cover:

• Recent actions & statements by the Software Freedom Conservancy [including SFC v. Vizio]
• Stockfish v. ChessBase
•	Update on open source software transactions and related standards
•	The Elastic dispute 
•	Log4J security vulnerability
•	And more…

Attendees of the live webinar will earn CLE credit. Don’t miss out—register today.

CLE:
DLA Piper LLP (US) has been certified by the State Bar of California, the Board on Continuing Legal Education of the Supreme Court of New Jersey, and the New York State Continuing Legal Education Board as an Accredited Provider. The following CLE credit is being sought: 
•	California: 1.25 Credit (1.25 General, 0.0 Ethics)
•	New Jersey: 1.5 Credits (1.5 General, 0.0 Professional Responsibility)
•	New York: 1.5 Transitional & Non-Transitional Credit (1.5 Professional Practice, 0.0 Ethics and Professionalism)
CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, and Puerto Rico.

The 2021 Open Source Year in Review

Our technology, work processes, and activities all depend on software to run. So it’s important to be able to trust that the software is safe and secure. To assure this, we need to manage the risks that relate to it. But just buying a tool is not enough to build a holistic application security (AppSec) program.

In this webinar we will take a look at what it means to build a holistic AppSec program. We will explore

- How to better understand your internal and external threats and risks 
- How to form strong foundation for your AppSec program
- How to maximize your AppSec tools (it requires more than just buying an AppSec tool!)

Build a Holistic AppSec Program 101

Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and sixty percent contained a high-risk vulnerability. How are you managing your open source security risks? 

Join this live Synopsys webinar as we explore the findings of our 2021 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:  

• What it means to manage your open source usage
• Why you need an accurate inventory of open source components 
•	How to prioritize the vulnerabilities to fix 
•	Where to integrate testing into your SDLC 

 Don’t miss this informative webinar. Register today.

Managing open source security risk: Lessons from the OSSRA report

Coverity® 와 같은 애플리케이션 정적 분석 도구 (SAST ; Static Application Security Testing )는 소프트웨어 개발 수명 주기(SDLC ; Software Development Life Cycle)내 발생할 수 있는 소프트웨어의 문제 발생 요인을 미리 발견하고 그 위험을 제거를 돕는 것이 주요 역할입니다. 오늘날 오픈 소스는 애플리케이션 개발의 필수 구성 요소로, 애플리케이션의 소스 코드 중 평균 70% 이상 오픈 소스로 구성되어 있습니다. 그러나 기존의 SAST는 소스코드 내의 오픈 소스 취약점/라이선스/버전을 식별하는 기능은 지원하고 있지 않습니다. 그렇다고 개발자가 사용한 소스코드의 오픈소스 라이선스, 취약점을 관리하기 위해 오픈 소스를 따로 저장하고 수동으로 유지 관리하는 것은 비효율적이고 시간이 많이 걸리는 방법 입니다.

이러한 문제점을 효과적으로 관리할 수 있는 방법, 시높시스의 Coverity® SAST 와 Black Duck® SCA 도구를 Sales Engineer 제병주 부장과 함께 살펴 보도록 하겠습니다.

진행될 웨비나에서는 SAST와 SCA 도구를 같이 사용하지 않을 경우 쉽게 발생할 수 있는 보안 문제에 대해 공유하고 효과적인 적용을 위해 아래와 같은 내용을 중점으로 공유 드릴 예정입니다.
• Black Duck® SCA와 Coverity® SAST를 사용한 AppSec 전략 예제 소개
• Synopsys 솔루션의 장점 : 여러 보안 품질 문제를 빠르게 식별하고 비지니스 중요도를 파악하여 개발자에게 가장 시급한 보안 문제가 무엇인지 전달
• SDLC 내 SAST + SCA의 결합의 효용 가치

"Coverity와 Black Duck" 시너지 : 더 빠르고 효과적으로 개발 할 수 있는 방법

Since its discovery on December 10, 2021, the Apache Log4j vulnerability (CVE-2021-44228) has left organizations scrambling as they look to respond to this glaring cybersecurity threat. The popularity of the Java logging framework, coupled with the ease of exploitation, has led to its heightened severity, making it a top priority to identify and remediate.  

Listen as Jeremy Radford of World Wide Technology discusses how his organization has responded to the situation. Joining him will be Synopsys expert Mike McGuire delivers insights on the Log4j vulnerability including

- How this vulnerability works and impacts your applications
- How to determine if your organization is impacted
- How to remediate the vulnerability and protect against similar ones in the future

Log4j Zero Day – Its Impacts and How to Resolve Them

As the popularity of cloud-native applications continues to surge, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they deliver. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.”

The popularity of containers has also attracted the attention of hackers who are constantly looking for new ways to exploit them. Containers expand an organization’s attack surface and increase the risk to the applications they house. A comprehensive approach for container security is required to mitigate the risk to containerized applications and infrastructure.

In this webinar, we’ll outline the essential elements required to secure your container environments, including:
• Understanding what containers are (and aren’t)
• How to look at container security holistically
• The top threats to container landscapes
• Relevant case studies

Container Security Essentials

How are you security testing APIs, web services, and cloud-native applications?  Are you able to test application security without impacting efficiency?  Do you have sufficient visibility into sensitive data that your applications handle?
 
This session we will be joined by guest speaker John Salomon from FS-ISAC where we discuss ways of ensuring that your security testing is developer friendly, and that your insight into application vulnerabilities and remediation guidance meet your organization’s risk appetite.  We will go over ways of ensuring fast, relevant contextual training, and efficient remediation of detected vulnerabilities.

Testing security of micro-services, APIs and cloud-native apps

DevOps

DevSecOps

API Security

Microservices

Security Testing

Software Development

Cloud Security

Cloud Applications

Application Security

Risk Mitigation

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Testing security of micro-services, APIs and cloud-native apps

Presented by

About this talk

More from this channel