Name: Cracking the Code of DevSecOps
Start: 2022-12-20T19:00:00Z
End: 2022-12-20T19:58:11.000Z
Location: BrightTALK
Rating: 5

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.

As you start down the path of using generative artificial intelligence (GAI) in software development to improve efficiency, reduce costs, and increase revenue, you must also be aware of the associated legal issues. How can you leverage AI and minimize the risk it presents?

Join this live Synopsys webinar in which a panel of legal experts and practitioners will answer your questions about the rise of AI in software development, and how you can responsibly leverage this new technology. We’ll cover:

• The benefits and risks for using AI in software development 
• The evolving legal and regulatory landscape 
• Practical advice for using AI today and into the future

Ask the Experts: AI and Software Development

Generative artificial intelligence (GAI) will fundamentally change the way that software is built. Whether they are developing or using AI tools, organizations must understand the opportunities and risks involved, and evolve governance, policies and processes to address those risks.

Join this live Synopsys webinar for a deep dive into the issues that arise when using GAI in software development. We’ll cover:

• Open source data and software licenses and risks with AI
• Licensing and clearance considerations for materials used to train AI models
• Licensing considerations in building, training, and using AI models
• A deep dive on GitHub Copilot, including implications of the class action suit

Generative AI, Training Data, Open Source, and GitHub Copilot, Oh My!

Digital transformation initiatives are forcing development teams to make tough decisions. They have to make tradeoffs between feature velocity and managing application security risk. Developers may lack the knowledge to address the risks they’re aware of, and adding security tools often adds friction to their workflows. A new approach is needed to meet the demands of modern application development.

Join us for this webcast with Enterprise Strategy Group (ESG) to learn about:

- How DevOps and automation are changing application security landscape
- What challenges teams face when automating their AST tools
- How a new approach to DevSecOps can address these challenges
- What your team can do to make your DevSecOps initiative successful

Cracking the Code of DevSecOps

There is no shortage of buzz around generative artificial intelligence (GAI). GAI can be used in software development to generate and augment code which saves times and reduces development cycles. But using AI in software development comes with its own set of risks.

Join this live Synopsys webinar to get an introduction to GAI and how you can minimize risk when using it in your organization. We’ll cover:

• What GAI is and how machines learn
• Legal issues with AI including copyright, web scraping, and more
• Overview of current litigation
• Practical approaches to using GAI while minimizing risk

Best Practices for Using AI in Software Development

As development technologies become more fast-paced, modular, and automated, the tools and practices used to secure the software that passes through these pipelines must evolve. While many application security testing (AST) tools can be integrated into pipelines, teams often struggle with complexity, performance, and noisy results. Injecting security into DevOps without sacrificing efficiency requires a concerted approach focusing on:  

- Integration and automation that minimizes impediments, running necessary tests at appropriate times 
- Remediation of prioritized risks aligned to business needs 
- AppSec-enabled developers equipped with what they need to secure code as they write it 
- Modular AST that can be employed based on the software being tested

Building Security into DevOps Without Breaking It

To build security into DevOps and achieve true DevSecOps, organizations need to manage AppSec workflows without hindering speed and flexibility. But how do you get there?

Join this live Synopsys webinar to learn how to inject security into DevOps without sacrificing efficiency. We’ll cover how to:

• Secure code as fast as it’s written
• Run the right tests at the right time
• Automate security testing to focus on what matters

And as a thank you for attending our webinar live, we'll buy you a coffee. Please note that only the following countries are eligible for a voucher due to regional legal regulations: France, Italy, Belgium, Netherlands, the U.K., Denmark, Norway, Sweden, and Austria. Furthermore, please note that we only accept business email addresses - no personal addresses will be eligible to receive a voucher.

Coffee with a Side of DevSecOps

Even software with a solid architecture and design can harbor vulnerabilities, whether due to mistakes or shortcuts. But limited security staff don’t have the resources to perform code reviews and provide remediation guidance on the entire application portfolio. Static analysis, also known as static application security testing (SAST), is an automated way to find bugs, back doors, and other code-based vulnerabilities so the team can mitigate those risks.

First, though, you must choose a static analysis model that fits your needs. You might have questions such as these:
- How do I manage false positives?
- How do I triage the results?
- What happens to new issues identified?
- My scan takes hours to complete. How can I use this tool in my DevSecOps pipeline?
- What is a “baseline scan”?

Join us as we walk you through the challenges and benefits of integrating a SAST tool into your DevSecOps pipeline and how we’ve helped other organizations with this process.

5 Steps to Integrate SAST into the DevSecOps Pipeline

The Board and C-Suite are starting to take notice of the opportunities and risks inherent with powerful new generative artificial intelligence (GAI) tools that can quickly create text, code, images, and other media. Product Development and Engineering teams want to use such tools to increase productivity by at least one order of magnitude. In response, the Security, Legal, and Compliance teams typically raise legitimate concerns about the risks involved. What role can the Board and C-Suite play in this situation?
 
Join this live Synopsys webinar to get a jump start on what AI strategy, security, and governance looks like from the Board-level and C-suite. We’ll cover:
 
• Fundamentals of AI, types of models, and data used to inform them
• Expanding existing processes and procedures to address the security risks of GAI
• The top three questions the Board and C-Suite should be asking about GAI
• How to navigate the existing and evolving legal and regulatory landscape

AI Strategy, Security, and Governance: The View from the Top

You’ve automated security tooling in development pipelines and your organization has moved to agile practices, but you are still not experiencing the DevSecOps promise land you were told about.

The three pillars of DevSecOps are people, process, and technology. Have you invested enough into your people? Without a bridge between the security and the development teams, all your hard work can get stuck in mud. 

A Security Champions program can help enable your teams reduce process friction and ensure successful adoption of security within developers’ daily work. This talk will address 

• Common challenges organizations experience
• Ways a Security Champions program can help
• Getting started with building your Security Champions program

Enable your DevSecOps Initiative with Security Champions

Static application security testing (SAST) is a key ingredient of any AppSec program. However, modern applications are built using processes, languages, and tools that didn’t exist when many SAST products were originally designed. This creates challenges for developers and security teams that need to deliver highly secure applications without slowing productivity.
 
In this webinar, we’ll discuss how SAST can help organizations drive security and quality across all their applications. Topics include

• Understanding how static analysis identifies weaknesses in application code
• Running the right level of SAST analysis for each application
• Integrating SAST throughout the software development life cycle
• Ensuring quality and compliance with policy-based code scans

What is SAST?

Open source is widely used in software development because it allows you to create high-quality software quickly. But if left unmanaged, open source can lead to license compliance issues as well as security and code quality risks. Whether you’re on the buy side or sell side, these risks could negatively affect valuation in an M&A transaction.

Join this live Synopsys webinar for an inside look at the data Black Duck Audits complied in 2022 from the hundreds or tech transactions and thousands of codebases we audited. We’ll cover: 
 
• Open source license and security risks by the numbers
• Why audits have become the norm in M&A tech due diligence
• How you can get a complete picture of open source risks

By the Numbers: 2023 Open Source Risk in M&A

Les chaînes d'approvisionnement logicielles utilisées par les applications modernes peuvent se révélées très complexes. Elles consistent en un mélange de code propriétaire et d’open sources, d'API et d'interfaces utilisateur ainsi que de workflows de déploiement dans différents environnements. Les problèmes de sécurité à n'importe quelle étape de cette chaîne peuvent vous exposer, vous et vos clients, à un risque d'attaque. Selon les analystes du Gartner, 45 % des organisations dans le monde connaîtront une attaque d'ici 2025. Renforcer votre chaîne d'approvisionnement logicielle contre les menaces de sécurité est une nécessité, mais cela ne s'arrête pas là. Vous devez également être en mesure de démontrer que vous l'avez fait, afin d’avoir la confiance de vos clients et de respecter les obligations réglementaires.

Rejoignez-nous et découvrez comment nous proposons une approche globale de sécurité de la chaîne d'approvisionnement logicielle, notamment:
• À quoi ressemble une chaîne d'approvisionnement logicielle,
• Présentation des risques tout au long de la chaîne d'approvisionnement logicielle,
• Ce que cela signifie de sécuriser votre chaîne d'approvisionnement et de prouver que vous l'avez fait.

Sécuriser la chaîne d'approvisionnement logicielle

Organizations continue moving their business applications and services to the cloud. With this shift, you need solutions that can keep up with your development, deployment, and testing needs without breaking the bank. Moving to cloud-based application security testing (AST) solutions has often meant having to choose between breadth, ease-of-use, and scalability. That changes now.

Polaris® Software Integrity Platform provides all the benefits of a cloud-based solution without having to make compromises on the breadth, depth, or scale of their testing. In this webinar, we’ll give you a tour of the future of AppSec and discuss how you can

- Embed continuous security in your development, QA, and DevOps workflows
- Manage security testing across teams, applications, and scan types 
- Gain a comprehensive view into your portfolio and project AppSec risks

It’s Time for AppSec to Evolve

Learn more about how to use an attack model in threat modeling to answer the question of how well your assets are protected against threats.

Creating an Attack Model in Threat Modeling

Malicious code has been making headlines over the past years. The type of attacks may vary, but the consequences are real. We’ve seen a spate of malicious open source components identified within the NPM repository, or an ethical hacker gaining access to the systems of several notable tech companies using publicly hosted packages. 

Today, threat actors are looking beyond exploiting weaknesses in the application layer. Now they have started taking advantage of the inherent trust associated with open source software. Inadvertently building code with these weaknesses into applications leaves businesses and their customers prime targets of supply chain attacks.  

Join us as we discuss

• What can be classified as malicious code or malware 
• Some of the techniques that attackers use to inject malicious code into the supply chain 
• Methods for identifying malicious code and open source components

How Does Malicious Code Enter Applications?

To build security into DevOps and achieve true DevSecOps, organizations need to manage AppSec workflows without hindering speed and flexibility. But how do you get there?

Join this live Synopsys webinar to learn how to inject security into DevOps without sacrificing efficiency. We’ll cover how to:

• Secure code as fast as it’s written
• Run the right tests at the right time
• Automate security testing to focus on what matters

Achieving DevSecOps: Ways to reduce AppSec noise at scale

Tracking the right metrics is essential in DevSecOps as it helps measure the eﬀectiveness of your security program. Listen as Taylor and Clint, discuss how teams can raise their security bar with useful measurement metrics, as well as how to identify high ROI security investments for their DevSecOps program.

Raising the security bar in DevSecOps

The Log4j debacle highlighted just how difficult it is for security teams to find vulnerable software, and the recent executive order around a software bill of materials is highlighting the importance of knowing what software the organization is using. How can a software bill of materials help security teams with detection and response? In this webinar, experts discuss how organizations can use the software bill of materials as part of their enterprise security strategy. Learn how to implement a software bill of materials, identify controls and processes that need to be implemented alongside it, and understand potential challenges to be aware of. Organizations rarely have a clear picture of what software is running in their organization, but it doesn't have to be that way.

During this webinar you will:

- Unpack the potential, as well as limitations of a SBOM.
- Find out what you should look for in an SBOM, and how to ask for one.
- Get the facts about how security teams have successfully implemented SBOMs into their overall security strategy.

SBOMS and the Modern Enterprise Software Supply Chain

Orchestration

DevOps

Application Development

Application Delivery

Application Security

Developers

Application Lifecycle Management

DevSecOps

Cyber Security

SDLC

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Cracking the Code of DevSecOps

Presented by

About this talk

More from this channel