Name: OWASP Top 10 | Understanding IT and Using IT
Start: 2025-04-14T17:33:00Z
End: 2025-04-14T17:33:16.000Z
Location: BrightTALK
Rating: 3

Black Duck is now defining the next frontier of application security. With the avalanche of AI-generated code plus expanding regulatory pressure, you need solutions that can scale, adapt, and keep pace with the demands of your business.

Black Duck meets the demands of modern software development with True Scale Application Security. In the cloud or on-prem, 100,000 lines of code or 100 million. For safety-critical systems with stringent compliance requirements or modern web apps deploying 100 times per day. Our flexible, scalable, high-precision solutions enable you to code with confidence.

Gain insights into important legal developments from two of the leading open source legal experts, Tony Decicco, Principal at GTC Law Group & Affiliates and Chris Stevenson, Of Counsel at DLA Piper.

This annual review will highlight the most significant legal developments related to open source software in 2025, focusing on topics that were resolved, those that got started, and what we can expect to see in coming years.

The 2025 Open Source Year in Review

The tech M&A landscape is rapidly evolving with the pervasive integration of AI into target company applications. As machine learning, Generative AI, and other intelligent technologies become central to innovation, traditional software due diligence is no longer enough. This session addresses the critical new dimensions of risk and opportunity that AI introduces to acquisitions.

Join us for a practical framework designed to equip M&A principals and legal counsel with the tools to thoroughly assess AI-driven targets. We’ll dive into the essential areas you must explore, from evaluating model provenance and performance to navigating complex data governance and ethical considerations.

Key takeaways will include how-to effectively assess:

• AI Footprint: Understanding the strategic implementation and problem-solving capabilities of AI.
• Security Risks: Comprehensive data protection, access control, and penetration testing for AI systems.
• Legal & IP Risks: Clarifying model and training data ownership, alongside API terms.
• Quality & Reliability Risks: Ensuring performance, effective retraining, and model explainability.
• Regulatory & Compliance Risks: Navigating emerging regulations like the EU AI Act and critical data privacy concerns.

M&A's New Frontier: Assessing AI Software Risk in Your Next Deal

AI coding assistants and open source AI models are revolutionizing productivity and innovation. But these new resources introduce a systemic challenge that impacts the entire pipeline. How do we embrace innovation without introducing invisible risk at astonishing scale? Does AI-enabled development threaten the value of the assets that drive your business? This session shows the results of a new study on this shared reality. It shows a way to get security and compliance done that doesn’t stop development teams.
We’ll address the main worries of technology executives and effective approaches to handling risks caused by AI. It's time to align development and security teams. You may ask how? Through integrated tools that make secure coding a natural part of daily workflows.
What’s in it for you?
• Gain exclusive insights from new research on AI adoption and its security implications
• Learn practical strategies to manage AI-generated risks in development pipelines
• Discover how to align Security and Development for frictionless, secure innovation

Secure or Sorry? What AppSec Leaders Must Know About AI Adoption

Open source software powers modern development—but it also introduces risks. From direct and transitive dependencies to container images, these risks can enter your applications in many ways, often without full visibility. 

Join this webinar to learn

• The common entry points for open source in your applications
• The risks of unmanaged open source, including vulnerabilities and license issues
• Best practices for securing and governing open source usage
• Tools and strategies for maintaining compliance and visibility

Whether you're a developer, security professional, or compliance lead, this session will help you build safer, more resilient software.

The Open Source Wildcard: Don't Roll the Dice on Risk

AI-enabled development tools and coding assistants are pushing CI pipelines, fueling innovation, and iterating business-critical software faster than ever before. Security teams are now forced to catch up. The burden to remedy AI tools often weak coding practices and to overcome their ignorance to third-party vulnerabilities and licenses is further complicated by developers' implicit trust in their output and an intrinsic incompatibility between AppSec and Dev teams' primary role: to ship functional code quickly.  

Enterprises can no longer treat development and AppSec workflows as separate entities. To unify them, however, requires fast, reliable, automated ways to evaluate every line of code that flows through the pipeline and to provide immediate access to fix methods. This only manifests with integrated security gates across CI/CD pipelines, aligned to risk-tolerance standards and optimized to maintain the speed benefits of AI-enabled development.  

Join us as we analyze DevSecOps in the age of AI and structure a viable strategy that accounts for:  

- Software security and license compliance issues introduced, at speed, by AI coding assistants  
- The dissonance between the adoption of AI-enabled dev tools and AppSec's preparedness to secure their output  
- Business priorities that span development, security, legal, and executive requirements

AI's IOU: Maximizing value from AI without paying for it later

With software development accelerating in the AI era, there are even more sources of vulnerabilities to track. Managing this is an enormously complex task, as organizations are already struggling to unify data across disparate tools for testing, SCM, and reporting. As more organizations adopt AI-assisted development, existing issues with fragmented risk visibility will only get bigger. 
 
In this webinar, you will learn about capabilities for achieving a high-fidelity, organizational view of risk posture to better streamline auditing, visualize AppSec gaps, and identify your most vulnerable software. We will talk about necessary capabilities for aggregating key sources of data, standardizing risk scoring, and how you can set up the right technical foundations for success.

Contextualizing Risk in the Age of AI Development

AppSec teams are being stretched to the limit trying to keep up with the pace, volume and complexity of modern application development. Current trends in software development – the transformative role AI, the increasingly complex and vulnerable software supply chain, and the mounting requirement to both scale and focus security issue remediation – help shed light on what measures organizations need to put in place to stay ahead.     

In this session we will outline these trends and provide data and insights from our research into them. We will also outline practical steps you can take now to position yourselves to manage the evolving requirements of Application Security.

The State of AppSec & Beyond

Join two of our cybersecurity experts for a lightning round that cuts through the hype and addresses the immediate challenges of AI in software development. We'll explore the paradigm shift that is reshaping creativity and problem-solving in development, the new frontier of AI-influenced software risk, and discuss ways in which AI coding assistants and open source AI models form the next evolution of the software supply chain crisis.
 
This session charts a course from high-level business concerns directly to the developer experience, examining:
- The business and contractual liabilities that arise when AI-generated code enters your products.
- New, instinct-driven "vibe programming" and the debate over whether this emerging methodology is a sustainable path to innovation or a source of unpredictable risk.
- How AI coding assistance alters hiring strategies and the critical role of code review by security-capable developers in an AI-driven workflow.
- Emerging attack vectors tied to the growing use of open-source AI models.
- Viable paths forward to harness the power of AI, manage its inherent risks, and minimize organizational disruption by establishing resilient and scalable safety nets within your pipeline.

AI-Assisted Disruption: How Change Impacts Dev and Sec as Organizations Pivot to AI

Application security hasn’t gotten any simpler—especially as AI accelerates the way software is built. More code, more complexity, and more fragmented tooling make it harder to answer a basic question: Where are we exposed?  

This session explores how teams can regain clarity at the first step of any risk management program. That means identifying what’s running, what’s been tested, and what needs attention. We’ll look at how automation, speed, and policy can work together to improve visibility without slowing delivery.  

As part of Black Duck’s broader approach to application risk management, we’ll also show how solutions like Black Duck Polaris™ Platform scales with the way modern teams build software.

Identifying Risk in the Age of AI-Assisted Development

Security is the result of implementing the tools, personnel, and insight necessary to make informed decisions to mitigate risks within the software you create and the assets you consume through the software supply chain. While this process can be elaborate, rapid releases and CI/CD methodologies require that AppSec move at the speed of DevOps.

Achieving this is only possible with integrated controls and mechanisms to detect, prioritize, and address security issues at every stage in the SDLC and CI/CD pipelines. But how do you get there?

Join us as we recommend ways to establish security within DevOps without sacrificing efficiency. We’ll discuss:
- Pitfalls that can derail an organization’s AppSec initiative
- Strategies for overcoming obstacles to efficient, effective DevSecOps
- Recommendations for realizing integrated DevSecOps at scale

Integrating AppSec for Efficient DevSecOps

AI technologies are compelling teams to accelerate software development and to explore innovations previously regarded as unattainable. While 67% of organizations use AI coding assistants at least weekly to realize these goals, 57% feel that using AI coding assistants has introduced new security risks or has made it harder to detect issues in their codebase. AppSec teams are scrambling to keep pace.  

Join us for an in-depth exploration of today's DevSecOps landscape based on our yearly Global State of DevSecOps report and findings from independent research institute, SANS. We'll examine the delicate balance between AI-assisted development and modern DevSecOps strategies, focusing on: 
* The impact of AI coding assistants on development pipelines and security workflows 
* How AI-ready organizations maximize AppSec coverage and agility 
* The evolution of traditional application security testing (AST) to AI-enabled AST 
* Prerequisites for a scalable, robust DevSecOps program purpose-built for AI-enabled development

From Code to Security: The DevSecOps Frontier

Join our virtual event as we explore Vibe Coding, a revolutionary software development approach that leverages Artificial Intelligence (AI) to enhance code generation. This innovative method utilizes large language models (LLMs) in a dynamic, collaborative loop, transforming programming into a creative conversation. As we examine this cutting-edge technology, we'll discuss its implications on application security.
Key Takeaways:
• Discover how Vibe Coding uses AI to augment code generation
• Understand the collaborative loop between developers and large language models (LLMs)
• Explore the security implications of applications developed with Vibe Coding
• Learn how to address potential security concerns in this new development paradigm

Catch the Vibe-Line: Adding the "Sec" into Vibe Coding

Securing your software supply chain begins with knowing what’s in your code. With AI-generated code and ubiquitous open source software use, it’s never been more critical to understand what risks your software may contain. In fact, last year alone we found that 81% of codebases contained a high-/critical risk vulnerability.
 
Join this webinar as we explore the findings from the 2025 “Open Source Security and Risk Analysis” report. We’ll cover:
 
• The state of open source software security
• Tips for mitigating risks and keeping vulnerabilities out of your supply chain
• How to protect against security and IP risks from AI coding tools

The 2025 Guide to Open Source Security and Risk

Regardless of what you produce, where it's sold, and how long it is in service, your organization and products are subject to complex regulations. It can be hard for AppSec, DevSecOps, and compliance teams to get a clear picture of what the impact of any given regulation requires. 

In this session, we’ll provide an overview of regulations like CRA, DORA, the AI Act, and evolving US regulatory requirements to help teams understand how they can scale their AppSec programs while minimizing rework due to regulatory pressures.

The Evolving Cybersecurity & AI Regulatory Landscape

Evaluating a target’s software development process, software architecture, and code quality are becoming a must do in M&A software due diligence. Acquiring poorly designed software or buggy code could derail your post-close plans. 

Join this webinar to learn how to sidestep the tech debt trap. We’ll cover: 

      - The dimensions of software quality 
     - Norms for typical tech M&A targets 
     - How to uncover and mitigate tech debt and post-close “gotchas” 
     - Software due diligence best practices around software quality

Avoid Buggy Deals: Evaluating Software Quality in M&A Due Diligence

There are three regulations that every software development team should be aware of: NIST Secure Software Development Framework (SSDF), the EU Cyber Resilience Act (CRA), and the FDA Cybersecurity Requirements for Medical Devices. What’s your regulation IQ? 

Join this webinar to learn how to navigate these regulations to secure your software supply chain. We’ll cover:  

- Key requirements, commonalities, and differences across the three regulations  
- The importance of an SBOM in dependency tracking and risk management 
- Best practices for complying with these cybersecurity standards  

Register now.

How to Navigate NIST, CRA, and FDA Regulations

Software is essential in everyday products like cars, medical devices, airplanes, and IoT devices. Bugs and security flaws can have serious impacts on safety, the environment, and your reputation. As AI speeds up software development, it's more important than ever to keep your policies, coding standards, and testing up to date.

In this webinar, we’ll discuss:
- Trends that offer innovation but also increase the risk of costly errors
- Updates to functional safety standards that improve software reliability
- How to reduce supply chain risks by getting a full view of your software
- Strengthening software with thorough testing techniques

Register now to learn practical tips for creating secure, reliable functional safety software in 2025 and beyond.

Building Safe and Reliable Software in 2025

Developers have utilized source code management (SCM) tools since the 1980s to track, control, and manage changes across the software development life cycle. But the use of SCM tools is even more widespread now due to the emergence of distributed version control systems such as Git.

For DevSecOps though, it is essential to seamlessly integrate application security testing (AST) into the SCM environment, without compromising on fidelity and scalability. This gives organizations complete control over AST in their CI/CD pipelines.

What you'll learn:
- Onboard new projects easily from GitHub
- Get a centralized view of all your projects
- Orchestrate AST within GitHub actions & workflows
- Monitor all of your GitHub organizations continuously

Getting high fidelity AppSec results within your SCM environment

The Common Vulnerabilities and Exposures (CVE) system allows interested parties to track all the relevant information about a specific vulnerability. It helps avoid duplication and allows software vendors and users alike to ensure that they are referring to the same vulnerability in their efforts to protect systems against attack. 

In this 15 minute session, you’ll gain
• An understanding of what the CVE system is
• Knowledge of the stakeholders involved 
• Insight into the elements of a CVE ID
• A walkthrough of the CVE Record Lifecycle

CVE Explained

In February 2024, the NIST Cybersecurity Framework (CSF) 2.0 update was released, featuring the latest advancements. This update brings a host of transformative changes, expanding the framework's scope. It also provides stronger governance and supply chain risk management. There are also refining metrics for assessing cybersecurity effectiveness. 

Join this webinar to learn about
• The long-anticipated CSF 2.0 update
• The implications of the changes in the 2.0 update 
• Leveraging these changes to improve current cybersecurity programs

Embracing the Future of Cybersecurity with NIST CSF 2.0

Kubernetes is known for its ability to scale quickly, but does its security and management keep up with that growth? As your Kubernetes setup expands, it becomes harder to spot and fix potential problems.

Join our experts as they share modern ways to manage Kubernetes clusters and explain how to find misconfigurations and reduce risks.

In this discussion, you'll learn:
- A new way to look at and manage your Kubernetes clusters.
- How to spot dangerous misconfigurations and improve your cluster's security.

Don't miss out on learning how to secure your Kubernetes setup as it grows.

Securing Kubernetes Clusters: Managing Security and Risk

Open source software is at the heart of modern development, but it comes with its own set of challenges. The number of discovered vulnerabilities continues to rise year after year. Staying ahead in this evolving landscape requires not only vigilance but also access to accurate vulnerability data. 
Join us for an exclusive webinar with the Black Duck Vulnerability Research team, where you'll gain insights into their cutting-edge approach to identifying and addressing vulnerabilities in open source software. Discover how their innovative methods empower organizations to detect and remediate vulnerabilities quickly and effectively. 
In this session, you'll learn: 
- How the Black Duck Vulnerability Research team operates and innovates to deliver unparalleled vulnerability insights. 
- Why the quality and accuracy of vulnerability reports are critical to security success. 
- The latest trends and insights shaping the open source vulnerability landscape.

Black Duck Vulnerability Research

Vulnerabilities pose a vast threat to the security of software, systems, and users, and the number of vulnerabilities discovered is increasing year-on-year. Understanding the life cycle of vulnerabilities can help you track, manage, and mitigate these threats effectively. 
 
In this session, you'll gain
• Knowledge of the life cycle of a vulnerability, including examples
• An understanding of why managing vulnerabilities at each stage is crucial
• Awareness of how vulnerabilities are handled in the public and private domains
• Insight into the methods used to manage and fix vulnerabilities

Life Cycle of a Vulnerability

Containerized applications and microservices simplify scaling and deployment. Yet, they also create new opportunities for attackers to exploit. Misconfigurations in these environments can allow attackers to hide, move, and launch advanced attacks.
 
Join us for a deep dive into common container misconfigurations. We'll dive into Black Duck’s extensive experience in container penetration testing.
 
What you’ll learn:
    •    Common misconfigurations found in containerized environments.
    •    How attackers exploit these vulnerabilities to compromise systems.
    •    Strategies to reduce risks and enhance container security.

Understanding Container Security: Common Misconfigurations

APIs have become central to the daily operations of most businesses. Their rapid proliferation has exposed significant vulnerabilities that need immediate attention. This presentation provides an in-depth assessment of the current state of API security. We discuss the growth of API-related incidents and provide a framework for improving API security within organizations.

Join this webinar to learn about
• API security challenges due to the increase in API usage, and the resulting vulnerabilities
• Proactive security integrations for incorporating security measures throughout the entire API development life cycle
• A framework for enhancing API security to protect against emerging threats

Elevating API Security

Python is a fast, platform-agnostic, and easy-to-learn programming language that is suited for beginners and experienced developers alike. Ever since its first release in 1991, Python has had a constant presence in the computer world and has become a go-to language thanks to its easy-to-understand code and versatility. Today, Python can boast a wide array of libraries and frameworks, and they are the cornerstone of fast and easy Python programming—the so-called Pythonic way of development.
 
But like all programming languages, Python is not immune to security threats. Secure coding best practices must be adopted to avoid risks from attackers. In this webinar, we’ll explore Python security best practices that should employed when building secure application.

Python 101

As with all things tech, software development has been in a constant state of evolution since its infancy. Generative AI, however, has the potential to disrupt software development as we know it.
There are significant benefits offered by generative AI, but there are risks as well, including security risks. In its brief history, AI has generated buggy code, taken code from open source repositories without licensing considerations, and generated incorrect code.
In this webinar, you will learn
• What AI is and how it is used in the SDLC
• The ways AI is changing how software is being built
• The risks, drawbacks, and concerns of using AI
• How to benefit from AI while managing risks

How Generative AI is Changing the SDLC

Generative AI continues to reshape industries, but with its rapid adoption comes an equally fast-evolving set of security challenges. Infosec teams and organizational leaders are under increasing pressure to address these risks effectively.
 
Join us for a forward-looking session that draws on Black Duck’s extensive experience with clients and partners to provide valuable insights into managing AI/ML security in the coming year. This webinar will explore the shift from hype to practical implementation of generative AI, the sophisticated threat landscape targeting AI/ML systems, and key updates to the OWASP LLM Top 10 for 2025.
 
In this high-level discussion, you’ll gain:
- Lessons learned from real-world engagements with AI/ML security in 2024.
- Insights into the evolving threat landscape and its implications for AI/ML systems.
- A deeper understanding of critical changes in the OWASP LLM Top 10 for 2025.

Navigating AI/ML Security: The Essentials for 2025

DevSecOps and cloud services are driving container adoption in software. As container architectures get complex, they're increasingly exploited. This talk aims to clarify containerization and infrastructure-as-code (IaC) for beginners. We'll cover container technologies, key terms, their value, popularity, challenges, and security issues. We'll discuss common threats, vulnerabilities, attack vectors, and provide real-world attack examples. We'll reference standards and resources like OWASP Docker Top 10, Container Security Verification Standard, NIST Application Container Security guide, and CIS Benchmarks. Finally, we'll provide guidelines and best practices for securing containers.

Finding Your Way in Container Security

Log4Shell, SolarWinds, CodeCov, and the npm package repository are all associated with some type of software supply chain risk or incident, but each represents completely different attack vectors. As we depend more on build and release automation and third- party dependencies, we need to better understand how threat actors exploit them to attack the consumers of software.  In this session, you’ll learn
• The riskiest points of your software development life cycle
• The four most common supply chain attacks, with real-world examples
• How to create a firewall around the software supply chain to protect your software and your customers

Four Types of Supply Chain Attacks Development Teams Should Worry About

AppSec 101

Learn about OWASP as an organization and its key projects, and dive into the evolution and process of building the OWASP Top 10 list. Learn whether this list should be considered a one-size-fits-all standard for application security and how to use it for your application security activities. We will also discuss if there are any other alternatives.

The key takeaways from this talk include

· What OWASP and the OWASP Top 10 list are
· How the OWASP Top 10 list is defined and monitored
· How to use  the OWASP Top 10 list for your application security activities

OWASP Top 10 | Understanding IT and Using IT

OWASP

Application Security

Vulnerabilities

Vulnerability Intelligence

Vulnerability Management

Software Development

Web Application Security

Developers

Orchestration

CISO

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

OWASP Top 10 | Understanding IT and Using IT

Presented by

About this talk

Black Duck