Name: What Is Software Composition Analysis?
Start: 2023-07-11T18:00:00Z
End: 2023-07-11T18:00:37.000Z
Location: BrightTALK
Rating: 4

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.

Tech M&A deals move fast, and there’s not always enough time, money, or bandwidth to complete diligence on all of the software assets that you’re acquiring. So how do you prioritize what you audit so that you can feel confident that you’re reducing risk in the right places?
 
Join this live webinar to hear how a legal software due diligence expert advises clients prioritizing their software due diligence. We’ll cover: 
 
• Where audits come up and why should you care about them
• Where an audit fits into the M&A transaction process
• How to “right size” an audit and strategically select code for auditing

How to Prioritize the Software You Diligence in Software Due Diligence

In today's fast-paced and ever-evolving cloud landscape, security is not just a necessity but a strategic enabler. To empower organizations to proactively prevent, detect, and respond to cloud security threats with precision and agility, cloud security solutions must scale on demand.  Automation in detection and remediation efforts must be in place to meet this requirement.
 
In this webinar, you’ll learn
- Why cloud detection and response (CDR) is necessary
- How CDR is typically performed
- What business outcomes and benefits CDR provides

Elevating Security in the Cloud: Detection and Response Unleashed

Esploreremo assieme come la Software Bill of Material (SBOM) sia un elemento critico di supporto alla sicurezza della supply chain. Legislazioni nell'UE e altrove ne raccomandano e impongono l'uso a venditori, fornitori e clienti. Approfondiremo le diverse funzionalità richieste per le SBOM, che variano in base al settore, alla giurisdizione e alla posizione nella catena di fornitura. Questa presentazione metterà in evidenza gli aspetti chiave della conformità SBOM, e introdurrà come la soluzione BlackDuck Supply Chain rappresenta un elemento di supporto alla corretta gestione di una SBOM. Insieme, affronteremo: 

- Come decifrare le implicazioni legislative per i SBOM;
 - Semplificare i processi SBOM efficaci; 
- Approfondimenti strategici per un'implementazione di successo.

Cybersecurity Readiness e SBOM: navigazione nella legislazione e nei processi

In January, the EU published the final version of the Cyber Resilience Act (CRA). While this won't come into force until late 2026, there are still actions you can take.  

The good news is most of what's required is already part of a mature modern AppSec programme.  

In this session we’ll cover some of what DevSecOps and product security teams should be planning for to address CRA, with lessons drawn from efforts present in highly regulated spaces in other jurisdictions.

What the CRA means to DevSecOps Teams

Artificial intelligence (AI) continues to push the frontiers of technology - and it's here to stay. It's influence on cybersecurity reveal a double-edged sword. AI is becoming a formidable enhancer of security measures. But with all new technologies, there is a downside to consider. AI is already used as a core tool in the arsenal of cybercriminals and its capabilities are harnessed to refine every aspect of cybercrime.

The more we see criminals that leverage AI, the more we realize that our defences are not yet equipped to counter Malicious-AI. So where does this leave us?

This session will shed light on how criminals exploit AI to elevate their malicious endeavours. Gain practical insights into the evolving landscape of cybercrime and the pivotal role of AI within it. Let's take a glimpse into a future where AI dominates the cybercrime landscape! Are you ready for the move?

How to Protect Yourself from AI Cybersecurity Nightmares

Securing your software supply chain begins with knowing what’s in your code. With AI-generated code and ubiquitous open source software use, it’s never been more critical to understand what risks your software may contain. In fact, last year alone we found that 84% of codebases contained at least one open source vulnerability.
 
Join this live Synopsys webinar as we explore the findings from the 2024 “Open Source Security and Risk Analysis” report. We’ll cover:
 
• The state of open source software security
• Tips for mitigating risks and keeping vulnerabilities out of your supply chain
• How to protect against security and IP risks from AI coding tools

The 2024 Guide to Open Source Security and Risk

Open source is widely used in software development because it allows you to create high-quality software quickly - especially with the use of AI-assisted coding tools. But if left unmanaged, open source can lead to license compliance issues as well as security and code quality risks. Whether you’re on the buy side or sell side, these risks could negatively affect valuation in an M&A transaction.

Join this Synopsys webinar for an inside look at the data Black Duck Audits complied in 2023 from the hundreds of tech transactions and thousands of codebases we audited. We’ll cover:

• Open source license and security risks by the numbers
• Why audits have become the norm in M&A tech due diligence
• How you can get a complete picture of open source risks

By the Numbers: 2024 Open Source Risk in M&A

In February 2024, the NIST Cybersecurity Framework (CSF) 2.0 update was released, featuring the latest advancements. This update brings a host of transformative changes, expanding the framework's scope. It also provides stronger governance and supply chain risk management. There are also refining metrics for assessing cybersecurity effectiveness. 

Join this webinar to learn about
• The long-anticipated CSF 2.0 update
• The implications of the changes in the 2.0 update 
• Leveraging these changes to improve current cybersecurity programs

Embracing the Future of Cybersecurity with NIST CSF 2.0

Organizations continue moving their business applications and services to the cloud. With this shift, you need solutions that can keep up with your development, deployment, and testing needs without breaking the bank. Moving to cloud-based application security testing (AST) solutions has often meant having to choose between breadth, ease-of-use, and scalability. That changes now.

Polaris® Software Integrity Platform provides all the benefits of a cloud-based solution without having to make compromises on the breadth, depth, or scale of their testing. In this webinar, we’ll give you a tour of the future of AppSec and discuss how you can

- Embed continuous security in your development, QA, and DevOps workflows
- Manage security testing across teams, applications, and scan types 
- Gain a comprehensive view into your portfolio and project AppSec risks

It’s Time for AppSec to Evolve

This year’s DevSecOps Report defines a vivid image of organizations’ journey to secure their software development pipelines, with intriguing conclusions about challenges, success factors, and risk exposure across industries and maturities. Integrating security controls across the development lifecycle and CI pipelines establishes mechanisms for rapid risk detection, accelerated remediation, and automated security gates. But aligning development, AppSec, and DevOps teams to realize a vision for secure DevOps requires a clear strategy. 

Join us as we examine the key findings from the Synopsys 2023 DevSecOps Survey and discuss: 

• The state of DevSecOps across roles and technologies
• What a maturing DevSecOps program looks like and which tools and practices foster growth
• Recommendations for how to integrate application security without impeding DevOps

Register today.

DevSecOps in the Wild: Examining Global Security Factors in 2023

Modern software development has completely transformed the way organizations operate and compete in the market. With the attack surface growing exponentially and the software supply chain becoming more complex due to developments like the rise of AI and increasing regulatory pressure, organizations are struggling to keep pace. 
 
In this webinar, learn how to remove complexity and ease the resource strain associated with securing modern software through consolidation initiatives. Join us with Accenture Security and Enterprise Strategy Group for a roundtable discussion on
 
• Key trends and core challenges associated with security tool proliferation
• Blueprints for taking a consolidation initiative beyond TCO to improving overall risk management
• Key learnings from actual customer consolidation journeys

AppSec Optimized! A Guide to AppSec Tool Consolidation

网络安全是SDV时代面临的重大挑战，软件供应链安全治理是这个时代的焦点。应该如何认识软件供应链安全对智能网联汽车的价值？应该如何把握软件供应链安全的核心？应该如何考量软件供应链安全治理方案？除广义软件供应链安全治理外，又该如何把握以自由与开源软件（FOSS）为主体的狭义软件供应链安全治理的要点？本主题将针对上述内容进行总结和分享。

SDV时代的软件供应链安全

In a survey of your peers, the Ponemon Institute uncovered a stark reality:
 
Teams are struggling to secure software supply chains as fast as advances in things like AI are increasing developments ability to produce it. For example, 52% of organizations leverage AI tools to generate code. Yet only 32% say they have processes in place to evaluate it.  And less than half say they are effective in securing open source or evaluating the security of commercial software in their supply chain.
 
Where do you rank? 
 
Join the webinar to understand the state of software supply chain security and how you can help your team keep pace with managing it. We’ll cover:   
 
• How prepared organization are for supply chain attacks
• How to secure and manage open source and commercial software in your applications
• How things like AI and SBOM mandates are impacting security readiness

By the Numbers: Software Supply Chain Security Risks

Understanding the complexities of production testing is essential for any robust security strategy. Although conducting dynamic application security testing (DAST) in live environments is challenging, it is vital for ensuring application safety. This webinar bridges the gap between the daunting nature of production testing and its benefits.

Join our panel of experts to learn
- Common vulnerabilities that persist in production environments
- How to overcome challenges in configuration changes and supply chain vulnerabilities
- Real-world examples of how organizations have navigated these complexities

Secure Your Frontline: Start Continuous DAST in Production

Securing software takes teamwork—a unified approach from development through testing and into production. But each team has a distinct set of requirements and workflows that need to align to realize a concerted push for security. And while developers influence risk posture, they are often not trained in or focused on software security practices.

How can you make the effort that developers and DevOps teams are already putting in more valuable to the business? What's the best way to cultivate highly security-conscious developers so your software becomes more secure over time? Is there a way to derive tangible benefits for the business, the team, and the individual?

Join us as we break down a five-step process with real-world applicability. Topics include

• The critical distinction between developers' security awareness and their security capability
• Mechanisms to automate risk detection and accelerate remediation across the pipeline, including at the developer desktop
• How to establish security gates in DevOps pipelines in a way that doesn't derail development or lead to missed shipping deadlines
• How to create a DevSecOps initiative that can evolve with the business and enable developers to sustain security requirements as part of their day-to-day
• Ways to maximize security's value to the business and its customers

AppSec Automation: Five Steps to Achieving Developer-First Security

Security issues in DevOps often arise due to conflicting aims between developers and security professionals, with developers aiming for rapid product pipeline completion and security teams focusing on preventing vulnerabilities. 
  
How do we achieve this in the real world? How can organizations remove complexity, reduce costs, and improve scalability without compromising security? 
  
Polaris Software Integrity Platform® offers a full suite of AppSec solutions from SAST, SCA to DAST. In this webinar, explore our latest addition Polaris fAST Dynamic, tailored for modern web applications. 
  
We will also showcase Polaris Assist, an AI-powered application security assistant on the Polaris platform. Polaris Assist combines decades of real-world insights with a powerful large language model (LLM) that gives security and development teams easy-to-understand summaries of detected vulnerabilities and code fix recommendations to help them build secure software faster. 
  
Join us and learn what the next generation of easy, fast, and automated application security can do to seamlessly integrate with any environment your teams are working in.

The Future of Automation AppSec with Polaris Assist powered by AI

Open source and third-party software make up the bulk of code in today’s applications. Open source has become so integral to modern development that security and development teams struggle to identify all the components in their software. AI code generation only adds to the difficulty.  

From license compliance issues to security vulnerabilities to reliance on stagnant projects, it’s never been more critical to know what’s in your code. It’s table stakes for addressing these risks.  

Join this live webinar to hear top open source legal experts discuss how to minimize risks while leveraging open source in software development and M&A. We’ll cover:  

- Roots of open source 
- Examination of the risks 
- Overview of the most popular open source licenses  
- Guidelines for managing

Fundamentals of Open Source Risk Management

Demystifying SBOMs: Navigating Legislation and Processes

The Four Truths of Securing Your Software Supply Chain

How Many Types of SBOM Are There?

SBOMs and SPDX: Now and in the Future

What the EU Cyber Resilience Act Means for AppSec

SBOMS and the Modern Enterprise Software Supply Chain

Software Supply Chain Risk Management: The New EU and US SBOM Regulation

Coffee with a Slice of SBOM

Addressing software liability in the public sector

Don’t let your software supply chain poison your apps

Takeaways from Recent Software Supply Chain Developments

Take Action: Putting Open Source Risk Management Policies to Work

Supply Chain Security Snags

Managing your open source risks

Open source trends uncovered in the 2023 OSSRA

How to Easily Generate An Accurate SBOM with Black Duck

Demystifying SBOM: More Than Just an Artifact?

Is an SBOM a silver bullet for software supply chain security?

Managing software supply chain risks

Securing the Software Supply Chain: More Than Just an SBOM?

Methods and tools for SBOM generation

Benefits of an SBOM Across the Software Supply Chain

SBOMs: What’s in your software ingredients list?

Modern applications are no longer created from scratch; instead they are constructed of various components, including open source code that is often developed by individuals outside the organization. Our research reveals that open source code makes up 76% of the average application.

Although leveraging open source software provides access to external expertise, it also entails responsibilities for organizations. Ensuring the security, compliance, and quality of the code is crucial. This is where software composition analysis (SCA) plays a significant role.

Join this discussion that explores the following topics:

o What SCA is and how it functions
o Addressing risks through SCA
o Key elements of an effective SCA solution
o Building a comprehensive open source risk management program with SCA

What Is Software Composition Analysis?

Application Security

AppSec

Software Composition Analysis

Open Source

Cyber Security

SBOM

Vulnerabilities

Vulnerability Management

Vulnerability Scanning

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

What Is Software Composition Analysis?

Presented by

About this talk

More from this channel