Name: How Many Types of SBOM Are There?
Start: 2024-03-28T06:00:00Z
End: 2024-03-28T06:00:39.000Z
Location: BrightTALK
Rating: 3.8

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.

In today's fast-paced and ever-evolving cloud landscape, security is not just a necessity but a strategic enabler. To empower organizations to proactively prevent, detect, and respond to cloud security threats with precision and agility, cloud security solutions must scale on demand.  Automation in detection and remediation efforts must be in place to meet this requirement.
 
In this webinar, you’ll learn
- Why cloud detection and response (CDR) is necessary
- How CDR is typically performed
- What business outcomes and benefits CDR provides

Elevating Security in the Cloud: Detection and Response Unleashed

In January, the EU published the final version of the Cyber Resilience Act (CRA). While this won't come into force until late 2026, there are still actions you can take.  

The good news is most of what's required is already part of a mature modern AppSec programme.  

In this session we’ll cover some of what DevSecOps and product security teams should be planning for to address CRA, with lessons drawn from efforts present in highly regulated spaces in other jurisdictions.

What the CRA means to DevSecOps Teams

Artificial intelligence (AI) continues to push the frontiers of technology - and it's here to stay. It's influence on cybersecurity reveal a double-edged sword. AI is becoming a formidable enhancer of security measures. But with all new technologies, there is a downside to consider. AI is already used as a core tool in the arsenal of cybercriminals and its capabilities are harnessed to refine every aspect of cybercrime.

The more we see criminals that leverage AI, the more we realize that our defences are not yet equipped to counter Malicious-AI. So where does this leave us?

This session will shed light on how criminals exploit AI to elevate their malicious endeavours. Gain practical insights into the evolving landscape of cybercrime and the pivotal role of AI within it. Let's take a glimpse into a future where AI dominates the cybercrime landscape! Are you ready for the move?

How to Protect Yourself from AI Cybersecurity Nightmares

Organizations continue moving their business applications and services to the cloud. With this shift, you need solutions that can keep up with your development, deployment, and testing needs without breaking the bank. Moving to cloud-based application security testing (AST) solutions has often meant having to choose between breadth, ease-of-use, and scalability. That changes now.

Polaris® Software Integrity Platform provides all the benefits of a cloud-based solution without having to make compromises on the breadth, depth, or scale of their testing. In this webinar, we’ll give you a tour of the future of AppSec and discuss how you can

- Embed continuous security in your development, QA, and DevOps workflows
- Manage security testing across teams, applications, and scan types 
- Gain a comprehensive view into your portfolio and project AppSec risks

It’s Time for AppSec to Evolve

This year’s DevSecOps Report defines a vivid image of organizations’ journey to secure their software development pipelines, with intriguing conclusions about challenges, success factors, and risk exposure across industries and maturities. Integrating security controls across the development lifecycle and CI pipelines establishes mechanisms for rapid risk detection, accelerated remediation, and automated security gates. But aligning development, AppSec, and DevOps teams to realize a vision for secure DevOps requires a clear strategy. 

Join us as we examine the key findings from the Synopsys 2023 DevSecOps Survey and discuss: 

• The state of DevSecOps across roles and technologies
• What a maturing DevSecOps program looks like and which tools and practices foster growth
• Recommendations for how to integrate application security without impeding DevOps

Register today.

DevSecOps in the Wild: Examining Global Security Factors in 2023

Modern software development has completely transformed the way organizations operate and compete in the market. With the attack surface growing exponentially and the software supply chain becoming more complex due to developments like the rise of AI and increasing regulatory pressure, organizations are struggling to keep pace. 
 
In this webinar, learn how to remove complexity and ease the resource strain associated with securing modern software through consolidation initiatives. Join us with Accenture Security and Enterprise Strategy Group for a roundtable discussion on
 
• Key trends and core challenges associated with security tool proliferation
• Blueprints for taking a consolidation initiative beyond TCO to improving overall risk management
• Key learnings from actual customer consolidation journeys

AppSec Optimized! A Guide to AppSec Tool Consolidation

In a survey of your peers, the Ponemon Institute uncovered a stark reality:
 
Teams are struggling to secure software supply chains as fast as advances in things like AI are increasing developments ability to produce it. For example, 52% of organizations leverage AI tools to generate code. Yet only 32% say they have processes in place to evaluate it.  And less than half say they are effective in securing open source or evaluating the security of commercial software in their supply chain.
 
Where do you rank? 
 
Join the webinar to understand the state of software supply chain security and how you can help your team keep pace with managing it. We’ll cover:   
 
• How prepared organization are for supply chain attacks
• How to secure and manage open source and commercial software in your applications
• How things like AI and SBOM mandates are impacting security readiness

By the Numbers: Software Supply Chain Security Risks

Understanding the complexities of production testing is essential for any robust security strategy. Although conducting dynamic application security testing (DAST) in live environments is challenging, it is vital for ensuring application safety. This webinar bridges the gap between the daunting nature of production testing and its benefits.

Join our panel of experts to learn
- Common vulnerabilities that persist in production environments
- How to overcome challenges in configuration changes and supply chain vulnerabilities
- Real-world examples of how organizations have navigated these complexities

Secure Your Frontline: Start Continuous DAST in Production

Securing software takes teamwork—a unified approach from development through testing and into production. But each team has a distinct set of requirements and workflows that need to align to realize a concerted push for security. And while developers influence risk posture, they are often not trained in or focused on software security practices.

How can you make the effort that developers and DevOps teams are already putting in more valuable to the business? What's the best way to cultivate highly security-conscious developers so your software becomes more secure over time? Is there a way to derive tangible benefits for the business, the team, and the individual?

Join us as we break down a five-step process with real-world applicability. Topics include

• The critical distinction between developers' security awareness and their security capability
• Mechanisms to automate risk detection and accelerate remediation across the pipeline, including at the developer desktop
• How to establish security gates in DevOps pipelines in a way that doesn't derail development or lead to missed shipping deadlines
• How to create a DevSecOps initiative that can evolve with the business and enable developers to sustain security requirements as part of their day-to-day
• Ways to maximize security's value to the business and its customers

AppSec Automation: Five Steps to Achieving Developer-First Security

Open source and third-party software make up the bulk of code in today’s applications. Open source has become so integral to modern development that security and development teams struggle to identify all the components in their software. AI code generation only adds to the difficulty.  

From license compliance issues to security vulnerabilities to reliance on stagnant projects, it’s never been more critical to know what’s in your code. It’s table stakes for addressing these risks.  

Join this live webinar to hear top open source legal experts discuss how to minimize risks while leveraging open source in software development and M&A. We’ll cover:  

- Roots of open source 
- Examination of the risks 
- Overview of the most popular open source licenses  
- Guidelines for managing

Fundamentals of Open Source Risk Management

Join us for an insightful webinar that explores the dynamic landscape of application security. Learn about the alarming rise of supply chain attacks and the shifting tide of high-severity vulnerabilities, as well as the impact of these trends on organizations worldwide. Discover actionable strategies to combat these threats, including the importance of tool consolidation and fostering security champions within your teams. We'll cover
 
• The implications of supply chain attacks
• Effective tool consolidation strategies
• Empowering security champions to strengthen your defense

Securing Tomorrow - Navigating Trends in Application Security

The development process is now so elaborate, distributed, and fast-moving that it’s difficult for enterprises to fully understand and manage effectively, much less defend against attacks. Complex projects may require input from multiple teams that are often unaware of one another’s activities. They may use third-party code and open source that hasn’t been thoroughly vetted. And they may be written using automated tools and AI, which may not employ security best practices or unknowingly propagate weak or vulnerable code. 

Join experts from SANS and Synopsys as they discuss why a new approach to DevOps security is required—one that applies continuous testing to continuous development so that threats and vulnerabilities can be identified and mitigated across every step of the development process. 

Register today and be among the first to receive the associated whitepaper written by Chris Edmundson.

Sponsored by Synopsys

Shift Left to Shift Everywhere: Continuous Development's Impact on Security

The growth of software across every industry poses significant challenges for teams that need to keep up with the fast pace of innovation while making sure the software they put into production is secure. This has led to a proliferation of tools deployed by security teams. You may ask why? In simple terms, to tackle the increasing pressure of a larger and more sophisticated threat landscape. Ultimately, teams are now left with added complexity and friction in the SDLC and a bloated total cost of ownership (TCO).  

As a result, Gartner indicates an increase in organizations pursuing vendor consolidation from 29% in 2020 to 75% in 2022 to tackle the cost and complexity of present day AppSec programs. But, consolidating vendors is only one part of the equation. 

Join us, as we unlock the key to improving AppSec efficiency  in the era of rapid innovation. We delve into a differentiated approach to consolidation initiatives that extends beyond improving TCO.  

Join now and understand how to: 

- Streamline tools & processes to improve resource efficiency. 
- Focus your teams with prioritized risk data across your security program. 
- Deliver rapid, comprehensive risk insight for improved time to audit.

How to Improve AppSec Efficiency

Python is a fast, platform-agnostic, and easy-to-learn programming language that is suited for beginners and experienced developers alike. Ever since its first release in 1991, Python has had a constant presence in the computer world and has become a go-to language thanks to its easy-to-understand code and versatility. Today, Python can boast a wide array of libraries and frameworks, and they are the cornerstone of fast and easy Python programming—the so-called Pythonic way of development.
 
But like all programming languages, Python is not immune to security threats. Secure coding best practices must be adopted to avoid risks from attackers. In this webinar, we’ll explore Python security best practices that should employed when building secure application.

Python 101

AI coding assistants, such as Microsoft CoPilot and ChatGPT, will fundamentally change the way teams build software, much like open source software has over the last decade. As with open source, teams seeking the benefits of AI will also need to take precautions to address the security, quality, and intellectual property risks that come with the use of AI-generated code. Is your team ready for AI? 

In this webinar, we'll explore: 

Key risks teams might encounter using coding assistants 

Safeguards needed for confident use of AI-generated code

Keeping Pace: Managing the risks of AI-generated code

Explore the current hype around software Bills of Materials (SBOMs), driven by new and upcoming legislation in the EU and elsewhere mandating their use across vendors, suppliers, and customers. Delve into the diverse capabilities required for SBOMs, varying by sector, jurisdiction, and supply chain position. This presentation will highlight key aspects of SBOM compliance, featuring crucial insights and a roundtable discussion with industry leaders IBM and Continental.

Together, we’ll address

- How to decipher legislative implication for SBOMs
- Streamlining effective SBOM processes
- Strategic insights for successful implementation

Demystifying SBOMs: Navigating Legislation and Processes

Vulnerabilities pose a vast threat to the security of software, systems, and users, and the number of vulnerabilities discovered is increasing year-on-year. Understanding the life cycle of vulnerabilities can help you track, manage, and mitigate these threats effectively. 
 
In this session, you'll gain
• Knowledge of the life cycle of a vulnerability, including examples
• An understanding of why managing vulnerabilities at each stage is crucial
• Awareness of how vulnerabilities are handled in the public and private domains
• Insight into the methods used to manage and fix vulnerabilities

Life Cycle of a Vulnerability

The 2023 Open Source Year in Review

The Four Truths of Securing Your Software Supply Chain

Managing Software Risks in the Age of AI-Generated Code

Deep Dive: Software Supply Chain Threats

The 2024 Guide to Open Source Security and Risk

Your Software Supply Chain is Only as Secure as its Weakest Link

By the Numbers: 2024 Open Source Risk in M&A

Black Duck Snippet Matching and Generative AI Models

SBOMs and SPDX: Now and in the Future

What the EU Cyber Resilience Act Means for AppSec

SBOMS and the Modern Enterprise Software Supply Chain

What Is Software Composition Analysis?

Coffee with a Slice of SBOM

Addressing software liability in the public sector

Takeaways from Recent Software Supply Chain Developments

Take Action: Putting Open Source Risk Management Policies to Work

Open Source: A Key Link in the Software Supply Chain

The Ultimate Guide to Managing Open Source

As far as the Cybersecurity and Infrastructure Security Agency (CISA) is concerned, there are six types of SBOMs that can be created for a single application or piece of software; neither of which will be identical. While CISA doesn’t have a favorite type of SBOM, you may find that your organization, vendors, or customers prefer some over others. As such, it’s important to understand what to expect from each type, how to generate them, and be prepared to reconcile the differences across them.

Learning objectives:
• Become familiar with the six types of SBOM
• Understand the benefits and limitations of each type
• Know the methods and tools required to generate each type

How Many Types of SBOM Are There?

SBOMs

Software Bill of Materials

Software Security

Application Management

Application Development

SDLC

Open Source

Dependencies

SBOM Management

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

How Many Types of SBOM Are There?

Presented by

About this talk

More from this channel