Name: Software Supply Chain Risk Management: The New EU and US SBOM Regulation
Start: 2023-06-28T14:00:00Z
End: 2023-06-28T14:00:28.000Z
Location: BrightTALK
Rating: 5

Black Duck® offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software.

As of October 1, 2024 the Synopsys Software Integrity Group is now Black Duck®

Leverage the power of policies to flag non-compliant components. With Black Duck SCA policies, create your own rules to determine 'non-compliance'. Join us in this webinar as we explore what policies are, how to configure them and how we can use them within our Black Duck SCA scans.

Black Duck SCA - Policy Management

Just as most software assets contain open source, modern software applications commonly include third party software functionality via calls to external web services via APIs. By using web services, developers may be inadvertently signing their companies up to terms of service or using a web service without a suitable agreement. Using these services can expose a company to compliance, security, data privacy, and operational risks that could disrupt or severely affect the business. As part of the tech M&A due diligence process, you should be aware of these web services-related risks so that you can make informed decisions about deal valuation and remediation.
 
Join us for a discussion about web services and how they can affect M&A and other transactions. We’ll cover:
 
• The legal compliance, data privacy, security, and business risks that come with web services
• Typical terms of service and common pitfalls
• Real-world examples of these risks
• How a buyer can get a better understanding of these risks in a target’s codebase or how a seller can prepare for diligence to avoid risks
 
Don’t miss this informative webinar. Register today.

Web Services & APIs: Impact on M&A and Other Transactions

Software due diligence is critical to understanding the risks in the software you’re acquiring, and planning for post-close. What’s in the code, including open source risks, security vulnerabilities, and software quality, as well as the process by which it was developed, matters with integration planning. With fast-moving deals and tight due diligence timelines, how does your due diligence playbook stack up?  

Join this fireside chat-style webinar for a discussion about the importance of software due diligence and best practices for mitigating risk in M&A. We’ll cover:  

• How audits can surface risk and what that means for a deal
• Why software due diligence is more than just an open source audit
• Implications of generative AI in software development
• Planning for success

Register today.

Software Due Diligence Best Practices: Ensuring Positive Outcomes in Tech M&A

Discover how Code Sight, an innovative IDE integration by Black Duck Software, empowers developers to write secure code with confidence. Join us to learn how this powerful tool performs local SAST and SCA analysis directly in your development environment, enabling your engineering team to shift left in the software development lifecycle. By identifying vulnerabilities early, Code Sight provides developers with actionable insights before code is checked in, reducing rework, and improving overall security.

Build Secure Code Faster: Real-Time Vulnerability Scanning with Code Sight

The Common Vulnerabilities and Exposures (CVE) system allows interested parties to track all the relevant information about a specific vulnerability. It helps avoid duplication and allows software vendors and users alike to ensure that they are referring to the same vulnerability in their efforts to protect systems against attack. 

In this 15 minute session, you’ll gain
• An understanding of what the CVE system is
• Knowledge of the stakeholders involved 
• Insight into the elements of a CVE ID
• A walkthrough of the CVE Record Lifecycle

CVE Explained

The world of application security can be overwhelming for newcomers. The technical jargon, complex solutions, and confusing methodologies make it hard to navigate. It’s essential to understand threat modeling and threat and risk analysis, but that can be difficult without the right guidance.

Here’s the good news: threat modeling at its core is intuitive and adaptable. With the right approach, it can be a powerful tool that helps you understand risks and make informed security decisions while aligning with your organization's unique needs.

In this webinar, we’ll break down the complexity of threat modeling. We'll address common questions and show why it’s a central part of application security. Participants will leave with a clear understanding of
• What threat modeling is and why it matters
• How to tailor threat modeling to fit your organization and industry
• Where to find resources for further learning and practical implementation

Threat Modeling: Charting Your Security Journey

In February 2024, the NIST Cybersecurity Framework (CSF) 2.0 update was released, featuring the latest advancements. This update brings a host of transformative changes, expanding the framework's scope. It also provides stronger governance and supply chain risk management. There are also refining metrics for assessing cybersecurity effectiveness. 

Join this webinar to learn about
• The long-anticipated CSF 2.0 update
• The implications of the changes in the 2.0 update 
• Leveraging these changes to improve current cybersecurity programs

Embracing the Future of Cybersecurity with NIST CSF 2.0

Gone are the days when you only had to worry about the code your developers are writing. Now you have to think about a complex supply chain, which includes everything from open source dependencies and APIs to containers, infrastructure-as-code, and CI/CD toolchains. Recent supply chain attacks, along with the U.S. executive order on cybersecurity, have organizations re-evaluating the security of their software supply chains. 

In this webinar, our expert panelists will discuss 
• Why securing your supply chain means more than having an accurate software Bill of Materials (SBOM)
• What the executive order and other initiatives mean for software producers and consumers
• What security and development teams need to do to manage new and evolving supply chain threats

Learn what you can do to enhance the security of your software supply chain. Register now.

Securing the Software Supply Chain: More Than Just an SBOM?

Securing your software supply chain begins with knowing what’s in your code. With AI-generated code and ubiquitous open source software use, it’s never been more critical to understand what risks your software may contain. In fact, last year alone we found that 81% of codebases contained a high-/critical risk vulnerability.
 
Join this webinar as we explore the findings from the 2025 “Open Source Security and Risk Analysis” report. We’ll cover:
 
• The state of open source software security
• Tips for mitigating risks and keeping vulnerabilities out of your supply chain
• How to protect against security and IP risks from AI coding tools

The 2025 Guide to Open Source Security and Risk

Forcing AppSec tests into developer pipelines, without aligning them to their preferred tools, can lead to inefficiencies and security oversights. Security teams need full risk visibility and developers need to meet shipping deadlines. While developers should not take full responsibility for security testing, they must be able to initiate, support, and benefit from it without changing their existing workflows. 

The most effective and efficient way to accomplish this is with out-of-the-box integrations and security testing templates that work natively with leading DevOps platforms like GitHub, GitLab, and Azure DevOps (ADO) to automate critical AppSec tests and quickly close feedback loops with developers. Join Black Duck as we discuss: 

Using DevOps platforms’ automation templates to embed AppSec into CI pipelines 

- Making security scans and fix pull requests an automatic part of dev workflows 
- Reducing risk and issue backlogs with developer security training and clear fix guidance 
- Accelerating AppSec using AI-enabled DevOps and security tools 

Start making life easier for developers and AppSec teams with integrated security testing for GitHub, GitLab, ADO, and more.

Developer-First Security: How to Automate Security Tests with GitHub, GitLab, and more

Securing your software supply chain requires that you analyze dependencies for risk, harden your development pipeline, and secure the artifacts that you deploy or ship to customers. Are you prepared for the four common attack vectors that bad actors exploit?  

In this webinar, we’ll look at different types of software supply chain attacks and discuss:    

• The riskiest points of your software development lifecycle 
• Real-world examples of how attackers take advantage of upstream dependencies and build automation 
• Crucial tools and processes to help you avoid falling victim to supply chain attacks

Don’t Take the Bait: Four Software Supply Chain Attacks

Do you know how to navigate the risks of AI-powered development? How can you establish secure DevSecOps initiatives?  
  
This presentation will highlight key aspects of the latest AI-trends and the risk implications for business operations. Get crucial insights from a roundtable discussion with industry leaders from NTT DATA Italy and AppSec Application Security Services. Key takeaways include
 
- Understanding the potential security risks of AI-powered development 
- Strategies for establishing consistent and scalable DevSecOps initiatives in AI-powered development 
- Empowering developers to create secure software

Navigating the Risks of AI-Powered Development for Secure Software

Security is the result of implementing the tools, personnel, and insight necessary to make informed decisions to mitigate risks within the software you create and the assets you consume through the software supply chain. While this process can be elaborate, rapid releases and CI/CD methodologies require that AppSec move at the speed of DevOps.

Achieving this is only possible with integrated controls and mechanisms to detect, prioritize, and address security issues at every stage in the SDLC and CI/CD pipelines. But how do you get there?

Join us as we recommend ways to establish security within DevOps without sacrificing efficiency. We’ll discuss:
- Pitfalls that can derail an organization’s AppSec initiative
- Strategies for overcoming obstacles to efficient, effective DevSecOps
- Recommendations for realizing integrated DevSecOps at scale

Security at Every Stage: Integrating AppSec for Efficient DevSecOps

Generative artificial intelligence (GAI) will fundamentally change the way that software is built. Whether they are developing or using AI tools, organizations must understand the opportunities and risks involved, and evolve governance, policies and processes to address those risks.

Join this webinar for a deep dive into the issues that arise when using GAI in software development. We’ll cover:

• Open source data and software licenses and risks with AI
• Licensing and clearance considerations for materials used to train AI models
• Licensing considerations in building, training, and using AI models
• A deep dive on GitHub Copilot, including implications of the class action suit

Generative AI, Training Data, Open Source, and GitHub Copilot, Oh My!

As with all things tech, software development has been in a constant state of evolution since its infancy. Generative AI, however, has the potential to disrupt software development as we know it.
There are significant benefits offered by generative AI, but there are risks as well, including security risks. In its brief history, AI has generated buggy code, taken code from open source repositories without licensing considerations, and generated incorrect code.
In this webinar, you will learn
• What AI is and how it is used in the SDLC
• The ways AI is changing how software is being built
• The risks, drawbacks, and concerns of using AI
• How to benefit from AI while managing risks

How Generative AI is Changing the SDLC

Generative AI continues to reshape industries, but with its rapid adoption comes an equally fast-evolving set of security challenges. Infosec teams and organizational leaders are under increasing pressure to address these risks effectively.
 
Join us for a forward-looking session that draws on Black Duck’s extensive experience with clients and partners to provide valuable insights into managing AI/ML security in the coming year. This webinar will explore the shift from hype to practical implementation of generative AI, the sophisticated threat landscape targeting AI/ML systems, and key updates to the OWASP LLM Top 10 for 2025.
 
In this high-level discussion, you’ll gain:
- Lessons learned from real-world engagements with AI/ML security in 2024.
- Insights into the evolving threat landscape and its implications for AI/ML systems.
- A deeper understanding of critical changes in the OWASP LLM Top 10 for 2025.

Navigating AI/ML Security: The Essentials for 2025

As artificial intelligence (AI) continues to revolutionize software development, the integration of AI-driven coding tools has become increasingly prevalent. However, this rapid adoption brings new challenges and opportunities in the realm of application security.

This session will explore the evolving landscape of AI-assisted coding and its implications for secure software development. Attendees will gain insights into common security vulnerabilities introduced by AI-generated code and learn best practices for mitigating these risks.
Key topics will include:

-Security Risks and Challenges: Identifying and addressing security vulnerabilities in AI-generated code.
-Best Practices for Secure AI Coding: Strategies for integrating security into the AI-driven development process.
-Future Trends: The evolving role of developers in an AI-centric coding environment and the importance of continuous security education.

Application Security in the Age of AI-Driven Coding

Open source is widely used in software development because it allows you to create high-quality software quickly - especially with the use of AI-assisted coding tools. But if left unmanaged, open source can lead to license compliance issues as well as security and code quality risks. Whether you’re on the buy side or sell side, these risks could negatively affect valuation in an M&A transaction.

Join this webinar for an inside look at the data Black Duck Audits complied in 2024 from the hundreds of tech transactions and thousands of codebases we audited. We’ll cover:

• Open source license and security risks by the numbers
• Why audits have become the norm in M&A tech due diligence
• How you can get a complete picture of open source risks

By the Numbers: 2025 Open Source Risk in M&A

Open Source Software Audit vs Scan: What’s Right for M&A?

What the EU Cyber Resilience Act Means for AppSec

Four Types of Supply Chain Attacks Development Teams Should Worry About

By the Numbers: Software Supply Chain Security Risks

How Many Types of SBOM Are There?

Demystifying SBOMs: Navigating Legislation and Processes

The Four Truths of Securing Your Software Supply Chain

SBOMs and SPDX: Now and in the Future

SBOMS and the Modern Enterprise Software Supply Chain

What Is Software Composition Analysis?

Demystifying SBOM: More Than Just an Artifact?

Benefits of an SBOM Across the Software Supply Chain

SBOMs: What’s in your software ingredients list?

There is a lot of talk about SBOMs (Software Bills of Materials) and Software Supply Chains, as well as emerging software security requirements being developed in the US and EU.  At the same time many organizations continue to be caught unprepared to respond when new OSS vulnerabilities like those in Log4J are disclosed. Confused on where to focus? 

You are not alone. In this session, we’ll help you navigate the path from SCA to SBOM management to Software Supply Chain Security.

Software Supply Chain Risk Management: The New EU and US SBOM Regulation

Application Security

Software Supply Chain

SBOM

Software Composition Analysis

AppSec

Supply Chain

IT Security

Security

Cyber Attacks

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Software Supply Chain Risk Management: The New EU and US SBOM Regulation

Presented by

About this talk

More from this channel