Name: Building Security into DevOps Without Breaking It
Start: 2023-07-13T04:30:00Z
End: 2023-07-13T04:30:15.000Z
Location: BrightTALK
Rating: 5

Black Duck® offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software.

As of October 1, 2024 the Synopsys Software Integrity Group is now Black Duck®

Generative artificial intelligence (GAI) will fundamentally change the way that software is built. Whether they are developing or using AI tools, organizations must understand the opportunities and risks involved, and evolve governance, policies and processes to address those risks.

Join this webinar for a deep dive into the issues that arise when using GAI in software development. We’ll cover:

• Open source data and software licenses and risks with AI
• Licensing and clearance considerations for materials used to train AI models
• Licensing considerations in building, training, and using AI models
• A deep dive on GitHub Copilot, including implications of the class action suit

Generative AI, Training Data, Open Source, and GitHub Copilot, Oh My!

APIs have become central to the daily operations of most businesses. Their rapid proliferation has exposed significant vulnerabilities that need immediate attention. This presentation provides an in-depth assessment of the current state of API security. We discuss the growth of API-related incidents and provide a framework for improving API security within organizations.

Join this webinar to learn about
• API security challenges due to the increase in API usage, and the resulting vulnerabilities
• Proactive security integrations for incorporating security measures throughout the entire API development life cycle
• A framework for enhancing API security to protect against emerging threats

Elevating API Security: A Structured Approach

Legislation requiring stringent software security practices by software producers is being passed around the globe. This requires organizations to rethink their approach to software security, which industry standards they follow, and the best practices for their software development teams.

NIST has produced guidance known as the Secure Software Development Framework (SSDF). The SSDF is a series of practices and associated tasks that serve as a baseline for teams seeking to securely develop software in a standardized way. Attestation to conformance with a subset of the SSDF has been signaled by the U.S.

In this webinar, you will learn the best practices for performing an SSDF readiness assessment including:

• Whether your organization’s software development practices align with the SSDF
• How to determine which controls are lacking for conformance with guidelines
• How to perform associated corrective recommendations on time
• Case studies of successful U.S. government attestations

Best Practices for Leveraging the SSDF

Do you want to secure your software at scale? An application security posture management (ASPM) solution could be the answer. Maintain a strong security posture —and ensure compliance with industry standards and regulations—by gaining visibility into your applications.

Join us for a panel discussion where we share steps for securing applications. You'll learn

• Real-world use cases: Discover how regulatory-heavy industries and large enterprises use ASPM to address security challenges

• Operationalizing testing: Gain insights into how security teams can use ASPM to automate and operationalize security testing

• Maturing your AppSec program: Learn practical steps to enhance your AppSec program with ASPM

Don't miss the opportunity to learn how to be proactive in risk management.

Secure Application Software at Scale

Understanding the risks associated with open source software has become the norm in tech due diligence, but not all approaches are created equal. Knowing what’s in the software you’re acquiring is the first step. Few targets are able to produce an SBOM and when they do, it tends to be about 50% accurate. Is “good enough” good enough for M&A?

Join this live Synopsys webinar to learn how a purpose-built M&A open source audit differs from open source management tools and why it matters in tech due diligence. We’ll cover:

• The risks associated with open source software 
•Why depth of analysis matters, and what it results in during M&A diligence
•Why accuracy, reporting and expert human analysis are keys to thorough diligence

Don’t miss this informative webinar. Register today.

Open Source Software Audit vs Scan: What’s Right for M&A?

There is no shortage of buzz around generative artificial intelligence (GAI). GAI can be used in software development to generate and augment code which saves times and reduces development cycles. But using AI in software development comes with its own set of risks.

Join this webinar to get an introduction to GAI and how you can minimize risk when using it in your organization. We’ll cover:

• What GAI is and how machines learn
• Legal issues with AI including copyright, web scraping, and more
• Overview of current litigation
• Practical approaches to using GAI while minimizing risk

Best Practices for Using AI in Software Development

In February 2024, the NIST Cybersecurity Framework (CSF) 2.0 update was released, featuring the latest advancements. This update brings a host of transformative changes, expanding the framework's scope. It also provides stronger governance and supply chain risk management. There are also refining metrics for assessing cybersecurity effectiveness.

Join this webinar to learn about
• The long-anticipated CSF 2.0 update
• The implications of the changes in the 2.0 update
• Leveraging these changes to improve current cybersecurity programs

Embracing the Future of Cybersecurity with NIST CSF 2.0

Join us for a webinar discussing the challenges organizations face in transitioning to PCI-DSS 4.0 and implementing new security measures. We will explore the updates to the security framework and the critical need to secure APIs to protect sensitive payment information. Don't miss this opportunity to learn about the latest in PCI-DSS 4.0 and how to effectively adapt to these new standards.

PCI-DSS 4.0 Explained: Enhancements, Challenges, and APIs

The Board and C-Suite are starting to take notice of the opportunities and risks inherent with powerful new generative artificial intelligence (GAI) tools that can quickly create text, code, images, and other media. Product Development and Engineering teams want to use such tools to increase productivity by at least one order of magnitude. In response, the Security, Legal, and Compliance teams typically raise legitimate concerns about the risks involved. What role can the Board and C-Suite play in this situation?
 
Join this live Synopsys webinar to get a jump start on what AI strategy, security, and governance looks like from the Board-level and C-suite. We’ll cover:
 
• Fundamentals of AI, types of models, and data used to inform them
• Expanding existing processes and procedures to address the security risks of GAI
• The top three questions the Board and C-Suite should be asking about GAI
• How to navigate the existing and evolving legal and regulatory landscape

AI Strategy, Security, and Governance: The View from the Top

With the cost of cyberattacks predicted to cost $10.5 trillion by 2025, the European Commission is looking to transform the cybersecurity landscape through the Cyber Resilience Act. The goal of the CRA is to “bolster cybersecurity rules to ensure more secure hardware and software products.” But what does that mean for those of us already involved in AppSec?

Join our experts as they discuss how AppSec professionals may be impacted by CRA as it exists today. Specifically, we’ll explore: 
- Which products may be subject to the CRA based on the definition of “digital elements”
- What impacts this could have on software supply chain moving forward
- How you can assess your AppSec programs to see where you stand with CRA as defined today

The CRA is currently a draft, as such opinions and insights from presenters are subject to change.

What the EU Cyber Resilience Act Means for AppSec

We all can plainly see that AI is the “next big thing.”  Whether your organization is bringing up its skill baseline, integrating LLM chatbots with existing applications, leveraging models to augment existing applications, pulling models off HuggingFace and fine tuning them, or training your own models from scratch, this talk will provide you with a baseline to answer the deceptively basic question: how do I secure it?
 
Join this webinar to learn
-              The basics of GenAI 
-              Unique risks with AI integration 
-              Strategies for securely implementing AI
-              Lessons from “the field”

How Do You Secure Hype: Baselining Your Org’s Generative AI Security

Log4Shell, SolarWinds, CodeCov, and the npm package repository are all associated with some type of software supply chain risk or incident, but each represents completely different attack vectors. As we depend more on build and release automation and third- party dependencies, we need to better understand how threat actors exploit them to attack the consumers of software.  In this session, you’ll learn
• The riskiest points of your software development life cycle
• The four most common supply chain attacks, with real-world examples
• How to create a firewall around the software supply chain to protect your software and your customers

Four Types of Supply Chain Attacks Development Teams Should Worry About

Learn about OWASP as an organization and its key projects, and dive into the evolution and process of building the OWASP Top 10 list. Learn whether this list should be considered a one-size-fits-all standard for application security and how to use it for your application security activities. We will also discuss if there are any other alternatives.

The key takeaways from this talk include

· What OWASP and the OWASP Top 10 list are
· How the OWASP Top 10 list is defined and monitored
· How to use  the OWASP Top 10 list for your application security activities

OWASP Top 10 | Understanding IT and Using IT

Boost business success with modernised application security in today's digital era. As businesses shift to cloud software it's essential to find effective solutions for development and testing. Our advice: Build a robust AppSec solution. You might ask yourself how? We’ll share some insightful real-world examples of successful app security implementation. 

  

Join the webinar to explore: 

- key components of modern application security 

- empower developers for quick code scanning 

- discover strategies for identifying and mitigating vulnerabilities

Effective Cloud-based Application Security Practices for Modern Development

Security remains a leading concern for businesses in this multi-cloud era. With the increasing cloud-native deployment and use of generative AI in application software development, along with proliferation of tools, data and applications distributed across various cloud platforms, ensuring a consistent and robust security posture and at the same time, keep pace with the fast DevOps CI/CD pipeline can be daunting.

The  webinar will explore some of the challenges organizations face when navigating the complex landscape in securing their applications from code to cloud in a fast-paced DevOps CI/CD environment. Attendees will gain insights into how companies overcome these challenges and implement robust and effective application security solutions that align to their DevSecOps initiatives.

Key Takeaways: 

- Recognize the security challenges in this high pace, evolving technology landscape
- The importance of adopting an integrated “Essential Three” app security strategy
- Practical solutions for DevSecOps alignment from a customer perspective

Cloud-native and Generative AI Implications in DevSecOps

L’utilisation des logiciels libres s’est considérablement développée ces dernières années, en particulier dans le contexte du déploiement massif des solutions d’intelligence artificielle qui intègrent ou produisent des composants soumis à licence libre. Les tribunaux français ont eu l’occasion de rappeler la validité des licences Open Source, il est donc important de comprendre les conséquences potentielles en cas de violation de ces licences.

Participez à ce webinaire pour échanger sur les derniers développements sur les logiciels libres. Nous aborderons notamment les points suivants :

• Validité des licences et bonnes pratiques pour l'utilisation de logiciel libres
• Risques nouveaux liés au déploiement de l’intelligence artificielle
• Les meilleures pratiques pour minimiser les risques associés au développement de logiciels et aux fusions et acquisitions

Inscrivez-vous dès aujourd'hui.

Licences libres : l’importance d’une mise en conformité

AI-powered development has greatly increased the rate at which software evolves. But using artificial intelligence as a proxy for security-aware developers introduces a variety of risks to the business.

Organizations must prepare for the complexities of AI-powered development. This requires establishing consistent and scalable DevSecOps initiatives. The discussion will cover

• Innovation and trends in AI-powered software development
• The inherent risks to application security and business operations of using AI and third-party digital artifacts
• Best practices for establishing application security testing and issue remediation within DevOps workflows that include AI
• Ways to use AI to empower developers and reduce the opportunity of an attack

Artificial Intelligence, Real Security: Preparing DevSecOps for AI Development

Open source and third-party software make up the bulk of code in today’s applications. Open source has become so integral to modern development that security and development teams struggle to identify all the components in their software. AI code generation only adds to the difficulty.  

From license compliance issues to security vulnerabilities to reliance on stagnant projects, it’s never been more critical to know what’s in your code. It’s table stakes for addressing these risks.  

Join this webinar to hear top open source legal experts discuss how to minimize risks while leveraging open source in software development and M&A. We’ll cover:  

- Roots of open source 
- Examination of the risks 
- Overview of the most popular open source licenses  
- Guidelines for managing

Fundamentals of Open Source Risk Management

As development technologies become more fast-paced, modular, and automated, the tools and practices used to secure the software that passes through these pipelines must evolve. While many application security testing (AST) tools can be integrated into pipelines, teams often struggle with complexity, performance, and noisy results. Injecting security into DevOps without sacrificing efficiency requires a concerted approach focusing on:  

- Integration and automation that minimizes impediments, running necessary tests at appropriate times 
- Remediation of prioritized risks aligned to business needs 
- AppSec-enabled developers equipped with what they need to secure code as they write it 
- Modular AST that can be employed based on the software being tested

Building Security into DevOps Without Breaking It

DevOps

DevSecOps

Application Development

Application Security

Developers

Security

SDLC

Cyber Security

Application Management

CISO

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Building Security into DevOps Without Breaking It

Presented by

About this talk

More from this channel