Name: Vulnerability Scoring 101
Start: 2024-04-18T18:00:00Z
End: 2024-04-18T18:00:27.000Z
Location: BrightTALK
Rating: 5

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.

In today's fast-paced and ever-evolving cloud landscape, security is not just a necessity but a strategic enabler. To empower organizations to proactively prevent, detect, and respond to cloud security threats with precision and agility, cloud security solutions must scale on demand.  Automation in detection and remediation efforts must be in place to meet this requirement.
 
In this webinar, you’ll learn
- Why cloud detection and response (CDR) is necessary
- How CDR is typically performed
- What business outcomes and benefits CDR provides

Elevating Security in the Cloud: Detection and Response Unleashed

Esplorare l'attuale situazione delle distinte base del software (SBOM), guidata dalla nuova e imminente legislazione nell'UE e altrove che ne impone l'uso da parte di venditori, fornitori e clienti. Approfondite le diverse capacità richieste per le distinte base, che variano a seconda del settore, della giurisdizione e della posizione nella catena di fornitura. Questa presentazione metterà in luce gli aspetti chiave della conformità agli SBOM, con approfondimenti cruciali e una tavola rotonda con i leader del settore IBM e Continental.  

Insieme, affronteremo:
- Come decifrare le implicazioni legislative per i SBOM;
- Semplificare i processi SBOM efficaci;
- Approfondimenti strategici per un'implementazione di successo.

Demistificare gli SBOM: Navigazione nella legislazione e nei processi

In January, the EU published the final version of the Cyber Resilience Act (CRA). While this won't come into force until late 2026, there are still actions you can take.  

The good news is most of what's required is already part of a mature modern AppSec programme.  

In this session we’ll cover some of what DevSecOps and product security teams should be planning for to address CRA, with lessons drawn from efforts present in highly regulated spaces in other jurisdictions.

What the CRA means to DevSecOps Teams

Artificial intelligence (AI) continues to push the frontiers of technology - and it's here to stay. It's influence on cybersecurity reveal a double-edged sword. AI is becoming a formidable enhancer of security measures. But with all new technologies, there is a downside to consider. AI is already used as a core tool in the arsenal of cybercriminals and its capabilities are harnessed to refine every aspect of cybercrime.

The more we see criminals that leverage AI, the more we realize that our defences are not yet equipped to counter Malicious-AI. So where does this leave us?

This session will shed light on how criminals exploit AI to elevate their malicious endeavours. Gain practical insights into the evolving landscape of cybercrime and the pivotal role of AI within it. Let's take a glimpse into a future where AI dominates the cybercrime landscape! Are you ready for the move?

How to Protect Yourself from AI Cybersecurity Nightmares

Organizations continue moving their business applications and services to the cloud. With this shift, you need solutions that can keep up with your development, deployment, and testing needs without breaking the bank. Moving to cloud-based application security testing (AST) solutions has often meant having to choose between breadth, ease-of-use, and scalability. That changes now.

Polaris® Software Integrity Platform provides all the benefits of a cloud-based solution without having to make compromises on the breadth, depth, or scale of their testing. In this webinar, we’ll give you a tour of the future of AppSec and discuss how you can

- Embed continuous security in your development, QA, and DevOps workflows
- Manage security testing across teams, applications, and scan types 
- Gain a comprehensive view into your portfolio and project AppSec risks

It’s Time for AppSec to Evolve

This year’s DevSecOps Report defines a vivid image of organizations’ journey to secure their software development pipelines, with intriguing conclusions about challenges, success factors, and risk exposure across industries and maturities. Integrating security controls across the development lifecycle and CI pipelines establishes mechanisms for rapid risk detection, accelerated remediation, and automated security gates. But aligning development, AppSec, and DevOps teams to realize a vision for secure DevOps requires a clear strategy. 

Join us as we examine the key findings from the Synopsys 2023 DevSecOps Survey and discuss: 

• The state of DevSecOps across roles and technologies
• What a maturing DevSecOps program looks like and which tools and practices foster growth
• Recommendations for how to integrate application security without impeding DevOps

Register today.

DevSecOps in the Wild: Examining Global Security Factors in 2023

Modern software development has completely transformed the way organizations operate and compete in the market. With the attack surface growing exponentially and the software supply chain becoming more complex due to developments like the rise of AI and increasing regulatory pressure, organizations are struggling to keep pace. 
 
In this webinar, learn how to remove complexity and ease the resource strain associated with securing modern software through consolidation initiatives. Join us with Accenture Security and Enterprise Strategy Group for a roundtable discussion on
 
• Key trends and core challenges associated with security tool proliferation
• Blueprints for taking a consolidation initiative beyond TCO to improving overall risk management
• Key learnings from actual customer consolidation journeys

AppSec Optimized! A Guide to AppSec Tool Consolidation

网络安全是SDV时代面临的重大挑战，软件供应链安全治理是这个时代的焦点。应该如何认识软件供应链安全对智能网联汽车的价值？应该如何把握软件供应链安全的核心？应该如何考量软件供应链安全治理方案？除广义软件供应链安全治理外，又该如何把握以自由与开源软件（FOSS）为主体的狭义软件供应链安全治理的要点？本主题将针对上述内容进行总结和分享。

SDV时代的软件供应链安全

In a survey of your peers, the Ponemon Institute uncovered a stark reality:
 
Teams are struggling to secure software supply chains as fast as advances in things like AI are increasing developments ability to produce it. For example, 52% of organizations leverage AI tools to generate code. Yet only 32% say they have processes in place to evaluate it.  And less than half say they are effective in securing open source or evaluating the security of commercial software in their supply chain.
 
Where do you rank? 
 
Join the webinar to understand the state of software supply chain security and how you can help your team keep pace with managing it. We’ll cover:   
 
• How prepared organization are for supply chain attacks
• How to secure and manage open source and commercial software in your applications
• How things like AI and SBOM mandates are impacting security readiness

By the Numbers: Software Supply Chain Security Risks

Understanding the complexities of production testing is essential for any robust security strategy. Although conducting dynamic application security testing (DAST) in live environments is challenging, it is vital for ensuring application safety. This webinar bridges the gap between the daunting nature of production testing and its benefits.

Join our panel of experts to learn
- Common vulnerabilities that persist in production environments
- How to overcome challenges in configuration changes and supply chain vulnerabilities
- Real-world examples of how organizations have navigated these complexities

Secure Your Frontline: Start Continuous DAST in Production

Securing software takes teamwork—a unified approach from development through testing and into production. But each team has a distinct set of requirements and workflows that need to align to realize a concerted push for security. And while developers influence risk posture, they are often not trained in or focused on software security practices.

How can you make the effort that developers and DevOps teams are already putting in more valuable to the business? What's the best way to cultivate highly security-conscious developers so your software becomes more secure over time? Is there a way to derive tangible benefits for the business, the team, and the individual?

Join us as we break down a five-step process with real-world applicability. Topics include

• The critical distinction between developers' security awareness and their security capability
• Mechanisms to automate risk detection and accelerate remediation across the pipeline, including at the developer desktop
• How to establish security gates in DevOps pipelines in a way that doesn't derail development or lead to missed shipping deadlines
• How to create a DevSecOps initiative that can evolve with the business and enable developers to sustain security requirements as part of their day-to-day
• Ways to maximize security's value to the business and its customers

AppSec Automation: Five Steps to Achieving Developer-First Security

Security issues in DevOps often arise due to conflicting aims between developers and security professionals, with developers aiming for rapid product pipeline completion and security teams focusing on preventing vulnerabilities. 
  
How do we achieve this in the real world? How can organizations remove complexity, reduce costs, and improve scalability without compromising security? 
  
Polaris Software Integrity Platform® offers a full suite of AppSec solutions from SAST, SCA to DAST. In this webinar, explore our latest addition Polaris fAST Dynamic, tailored for modern web applications. 
  
We will also showcase Polaris Assist, an AI-powered application security assistant on the Polaris platform. Polaris Assist combines decades of real-world insights with a powerful large language model (LLM) that gives security and development teams easy-to-understand summaries of detected vulnerabilities and code fix recommendations to help them build secure software faster. 
  
Join us and learn what the next generation of easy, fast, and automated application security can do to seamlessly integrate with any environment your teams are working in.

The Future of Automation AppSec with Polaris Assist powered by AI

Open source and third-party software make up the bulk of code in today’s applications. Open source has become so integral to modern development that security and development teams struggle to identify all the components in their software. AI code generation only adds to the difficulty.  

From license compliance issues to security vulnerabilities to reliance on stagnant projects, it’s never been more critical to know what’s in your code. It’s table stakes for addressing these risks.  

Join this live webinar to hear top open source legal experts discuss how to minimize risks while leveraging open source in software development and M&A. We’ll cover:  

- Roots of open source 
- Examination of the risks 
- Overview of the most popular open source licenses  
- Guidelines for managing

Fundamentals of Open Source Risk Management

Join us for an insightful webinar that explores the dynamic landscape of application security. Learn about the alarming rise of supply chain attacks and the shifting tide of high-severity vulnerabilities, as well as the impact of these trends on organizations worldwide. Discover actionable strategies to combat these threats, including the importance of tool consolidation and fostering security champions within your teams. We'll cover
 
• The implications of supply chain attacks
• Effective tool consolidation strategies
• Empowering security champions to strengthen your defense

Securing Tomorrow - Navigating Trends in Application Security

The development process is now so elaborate, distributed, and fast-moving that it’s difficult for enterprises to fully understand and manage effectively, much less defend against attacks. Complex projects may require input from multiple teams that are often unaware of one another’s activities. They may use third-party code and open source that hasn’t been thoroughly vetted. And they may be written using automated tools and AI, which may not employ security best practices or unknowingly propagate weak or vulnerable code. 

Join experts from SANS and Synopsys as they discuss why a new approach to DevOps security is required—one that applies continuous testing to continuous development so that threats and vulnerabilities can be identified and mitigated across every step of the development process. 

Register today and be among the first to receive the associated whitepaper written by Chris Edmundson.

Sponsored by Synopsys

Shift Left to Shift Everywhere: Continuous Development's Impact on Security

The growth of software across every industry poses significant challenges for teams that need to keep up with the fast pace of innovation while making sure the software they put into production is secure. This has led to a proliferation of tools deployed by security teams. You may ask why? In simple terms, to tackle the increasing pressure of a larger and more sophisticated threat landscape. Ultimately, teams are now left with added complexity and friction in the SDLC and a bloated total cost of ownership (TCO).  

As a result, Gartner indicates an increase in organizations pursuing vendor consolidation from 29% in 2020 to 75% in 2022 to tackle the cost and complexity of present day AppSec programs. But, consolidating vendors is only one part of the equation. 

Join us, as we unlock the key to improving AppSec efficiency  in the era of rapid innovation. We delve into a differentiated approach to consolidation initiatives that extends beyond improving TCO.  

Join now and understand how to: 

- Streamline tools & processes to improve resource efficiency. 
- Focus your teams with prioritized risk data across your security program. 
- Deliver rapid, comprehensive risk insight for improved time to audit.

How to Improve AppSec Efficiency

Python is a fast, platform-agnostic, and easy-to-learn programming language that is suited for beginners and experienced developers alike. Ever since its first release in 1991, Python has had a constant presence in the computer world and has become a go-to language thanks to its easy-to-understand code and versatility. Today, Python can boast a wide array of libraries and frameworks, and they are the cornerstone of fast and easy Python programming—the so-called Pythonic way of development.
 
But like all programming languages, Python is not immune to security threats. Secure coding best practices must be adopted to avoid risks from attackers. In this webinar, we’ll explore Python security best practices that should employed when building secure application.

Python 101

The Common Vulnerability Scoring System (CVSS) helps you decide which vulnerabilities you should be most concerned about. This isn’t to say that the CVSS will make prioritization decisions for you, but it will give you one piece of information you need to make informed decisions that are best for your organization.

In this session, you'll gain:
• An understanding of CVSS, its metrics, and scoring process
• Insight into CVSS's history and role in vulnerability management
• A walkthrough of scoring a vulnerability's severity
• Knowledge of how CVSS is used in vulnerability management

Vulnerability Scoring 101

Vulnerabilities

Application Development

Vulnerability Management

Vulnerability Scanning

NIST

CISO

Vulnerability Intelligence

Application Security

Information Security

Cyber Security

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Vulnerability Scoring 101

Presented by

About this talk

More from this channel