Rethinking GRC for Modern Software Development

Presented by

Phillip Ivancic and Michael McGrath

About this talk

Many enterprises have split their security functions between first-line defences, where AppSec tooling and penetration testing traditionally fit, and the second-line defences that encompass their governance, risk, and compliance (GRC) teams. This organizational and functional split has resulted in a major disconnect between the evolution of GRC practices and AppSec. This is further exacerbated by the huge challenges of improving application security at scale across CI/CD pipelines, infrastructure-as-code files, containers, the cloud—the list goes on and on. Organizations have tried bridging the gap with manual spreadsheets, but they need a better way to track and correlate tooling, security testing, and risk assessment results.

Join this webinar to learn how Synopsys customers and partners are using application security orchestration and correlation (ASOC) tools like Code Dx® and Intelligent Orchestration to bridge the gap between GRC and AppSec and get the answers to questions such as:

• When was the software tested?
• What was found?
• What was fixed?
• How can I identify my most vulnerable software?
• What is the extent of my exposure and exploitability?

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.