Name: 2025 오픈소스 보안 및 위험 가이드
Start: 2025-05-28T06:00:00Z
End: 2025-05-28T06:00:46.000Z
Location: BrightTALK
Rating: 4.7

Black Duck® offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software.

On the surface, representation and warranties insurance (RWI) is just a tool to protect a buyer against financial losses due to a breach of a seller/target’s representation and warranties in an acquisition agreement. For dealmakers though, RWI can be used more strategically to overcome certain obstacles and help facilitate closing transactions. So how does RWI actually work?   

Join this fireside chat-style webinar to get an understanding of what RWI is and how it can benefit both parties in a transaction. We’ll cover:   

• The types of transactions that typically utilize RWI 
• How insurers assess risk and the process to obtain RWI
• Common due diligence pitfalls and technology-related solutions that can bridge the gap

Representation and Warranties Insurance: How to Navigate M&A Risks

Join us to explore how to effectively leverage the new Defensics UI for fuzz testing. In this webinar, you’ll gain valuable insights into configuring test suites within the enhanced Black Duck Defensics UI. We’ll walk through key features including instrumentations, sequence editing, and reporting, ensuring you’re well-equipped to streamline your testing process.

Defensics- New UI Overview

The Common Vulnerabilities and Exposures (CVE) system allows interested parties to track all the relevant information about a specific vulnerability. It helps avoid duplication and allows software vendors and users alike to ensure that they are referring to the same vulnerability in their efforts to protect systems against attack. 

In this 15 minute session, you’ll gain
• An understanding of what the CVE system is
• Knowledge of the stakeholders involved 
• Insight into the elements of a CVE ID
• A walkthrough of the CVE Record Lifecycle

CVE Explained

The latest “Building Security in Maturity Model” (BSIMM) report, based on data from 121 firms, reveals critical trends shaping the future of application security. Since its start in 2008, the BSIMM report has been a trusted resource for organizations navigating the challenges of securing software.

This webinar will dive into the key findings of BSIMM15, including
- The transformative role of AI/ML in software development and security
- Managing risks in the increasingly vulnerable software supply chain
- The surprising decline in security awareness training
- How the “shift everywhere” approach is evolving to meet the needs of emerging technologies

Join us to uncover actionable strategies to strengthen your application security program in an era of rapid change.

BSIMM15 Insights: Trends Shaping Software Security in 2025

Polaris offers a full suite of AppSec solutions from SAST, SCA to DAST and it continues to enhance your experience with powerful new features designed to streamline your workflow. In this webinar, you’ll discover three impactful new capabilities: Automatic Onboarding with GitHub, an improved Triage Approval workflow, and SAST Rapid Scanning. Join us for a live demonstration, learn practical tips to leverage these enhancements. The session will follow a brief Q&A. This live event is targeted for developers, product managers and adopters of all knowledge levels interested in learning what’s new in Polaris.

What's new in Polaris?

Security is becoming an increasingly important dimension of software due diligence in M&A. Cyber-attacks are on the rise and cyber-security tends to get greater attention during M&A, since acquirers don’t want to take on the next big security breach.  What’s the best way to assess a target’s software security posture? 

Join the experts who have managed hundreds of security due diligence projects to understand why security should be a key pillar of diligence. We’ll cover:   

- The security challenges that keep buyers up at night 
- Where to look and what questions to ask to uncover risk 
- Software due diligence best practices around security 

Register now.

Securing the Deal: How to Assess Software Security in M&A

Software is the backbone of many businesses today. Even though secure and reliable code is important, it's harder than ever to follow coding rules because apps are complex, open source is common, and security threats keep changing.

In this webinar, we’ll discuss:  
• How policy-driven scans help ensure your software meets compliance 
• Testing your software early in the SDLC when issues are easiest to resolve 
• Tracking and prioritizing the defects that are most critical to your software 
• Generating custom reports that prove compliance to your leadership team  

Ensure your software complies with the coding standards that are most important to your business. Register today.

Proving Code Compliance to Leadership

Generative artificial intelligence (GAI) will fundamentally change the way that software is built. Whether they are developing or using AI tools, organizations must understand the opportunities and risks involved, and evolve governance, policies and processes to address those risks.

Join this webinar for a deep dive into the issues that arise when using GAI in software development. We’ll cover:

• Open source data and software licenses and risks with AI
• Licensing and clearance considerations for materials used to train AI models
• Licensing considerations in building, training, and using AI models
• A deep dive on GitHub Copilot, including implications of the class action suit

Generative AI, Training Data, Open Source, and GitHub Copilot, Oh My!

Do you know how to navigate the risks of AI-powered development? How can you establish secure DevSecOps initiatives?  
  
This presentation will highlight key aspects of the latest AI-trends and the risk implications for business operations. Get crucial insights from a roundtable discussion with industry leaders from NTT DATA Italy and AppSec Application Security Services. Key takeaways include
 
- Understanding the potential security risks of AI-powered development 
- Strategies for establishing consistent and scalable DevSecOps initiatives in AI-powered development 
- Empowering developers to create secure software

Navigating the Risks of AI-Powered Development for Secure Software

From Argo to Zipkin, CI/CD pipelines have revolutionized how we build and deploy software at scale and speed. While most security efforts focus on scanning the code itself, a critical blind spot remains: the infrastructure that runs these pipelines. What if the very tools designed to build your application are compromised?
  
In this webinar, we’ll uncover overlooked risks and real-world insights from security assessments of CI/CD infrastructure. Join us to learn:
- Why securing the pipeline infrastructure is just as important as scanning code
- How misconfigurations and overlooked components can expose secrets and credentials
- Practical steps to harden your CI/CD environments

The Weakest Link? Securing Your CI/CD Pipeline Infrastructure

Security is the result of implementing the tools, personnel, and insight necessary to make informed decisions to mitigate risks within the software you create and the assets you consume through the software supply chain. While this process can be elaborate, rapid releases and CI/CD methodologies require that AppSec move at the speed of DevOps.

Achieving this is only possible with integrated controls and mechanisms to detect, prioritize, and address security issues at every stage in the SDLC and CI/CD pipelines. But how do you get there?

Join us as we recommend ways to establish security within DevOps without sacrificing efficiency. We’ll discuss:
- Pitfalls that can derail an organization’s AppSec initiative
- Strategies for overcoming obstacles to efficient, effective DevSecOps
- Recommendations for realizing integrated DevSecOps at scale

Integrating AppSec for Efficient DevSecOps

There are three regulations that every software development team should be aware of: NIST Secure Software Development Framework (SSDF), the EU Cyber Resilience Act (CRA), and the FDA Cybersecurity Requirements for Medical Devices. What’s your regulation IQ? 

Join this webinar to learn how to navigate these regulations to secure your software supply chain. We’ll cover:  

- Key requirements, commonalities, and differences across the three regulations  
- The importance of an SBOM in dependency tracking and risk management 
- Best practices for complying with these cybersecurity standards  

Register now.

Software Supply Chain Security: Navigating NIST, CRA, and FDA Regulations

AI coding assistants are transforming business, with adoption driven both by developers seeking help and by executives seeking savings. But this evolution should not come at the cost of enterprise security or valuable intellectual property. This session explores the most urgent challenges created by AI-enabled development, contrasted by the most effective methods to mitigate them without breaking DevOps pipelines.  

Whether you are advocating for change or evaluating your options, join us as we discuss:  

- Practical solutions for rapid, automated security testing integrated within CI/CD pipelines 
- AI-powered security tools that help developers to embrace AI and security teams to accelerate at the pace of AI 
- Mechanisms to protect valuable intellectual property as AI code generators leverage licensed source material 
- Emerging attack vectors baked into open source AI models and how to address them

Embrace AI coding assistants while efficiently managing risk

Software is essential in everyday products like cars, medical devices, airplanes, and IoT devices. Bugs and security flaws can have serious impacts on safety, the environment, and your reputation. As AI speeds up software development, it's more important than ever to keep your policies, coding standards, and testing up to date.

In this webinar, we’ll discuss:
- Trends that offer innovation but also increase the risk of costly errors
- Updates to functional safety standards that improve software reliability
- How to reduce supply chain risks by getting a full view of your software
- Strengthening software with thorough testing techniques

Register now to learn practical tips for creating secure, reliable functional safety software in 2025 and beyond.

Building Safe and Reliable Software in 2025

Still think Black Duck solutions are only on-prem? Think again.

Join us for a myth-busting session that introduces Black Duck Polaris™ Platform, the SaaS True Scale Application Security platform from Black Duck. Built for modern development pipelines, Polaris combines multiple security testing engines—static analysis, software composition analysis, and dynamic testing—into a single platform with the speed, scalability, and simplicity today’s teams demand.

In this session, we’ll cover
• What Polaris is and how it redefines AppSec in the cloud
• How Polaris integrates seamlessly into CI/CD workflows for real-time security insights
• How Polaris scales effortlessly, from small teams to enterprise wide deployments
• How Polaris accelerates remediation with intelligent risk insights and policy-driven enforcement
• How customers are already benefiting from Polaris fAST

Whether you're a developer, security engineer, or decision-maker, this session will give you the clarity to confidently adopt and advocate for the Polaris platform.

Breaking the Myth: True Scale SaaS AppSec Platform

Application security teams face an impossible task: securing ever-growing codebases, pipelines, and technologies with limited resources. Security Champions offer a scalable, sustainable way to extend security reach—by embedding security-aware developers directly into engineering teams. In this session, we’ll explore how Champions act as force multipliers for AppSec, strengthen team collaboration, and drive secure development practices from within.

In this session, we will discuss
• Common obstacles to secure development and misalignment between security and development
• How Champions can bridge the gaps through ongoing collaboration
• Key steps to building and sustaining a successful Champions program
• Strategies to foster a collaborative, security-aware development culture

Security Champions: Scaling Security Through Collaboration

保护您的软件供应链始于了解代码中的内容。随着人工智能生成的代码和无处不在的开源软件的使用，了解软件可能包含的风险变得前所未有的重要。事实上，仅去年一年，我们就发现81%的代码库包含高风险漏洞。

参加本次网络研讨会，与我们一起探讨2025年《开源安全和风险分析报告》的研究成果。我们将讨论：  

• 开源软件的安全状况
• 降低风险和预防供应链漏洞的技巧
• 如何防范AI编码工具带来的安全和知识产权风险

2025年开源安全与风险指南

This year’s DevSecOps report defines a vivid image of organizations’ journey to secure their software development pipelines. It provides intriguing conclusions about operational challenges, AppSec efficiency, and evolving risk exposure amid the rise of AI-assisted development. Did you know that although 85% of respondents have some measures in place to address the challenges posed by AI-generated code, only 24% are “very confident” in their policies and processes for testing such code? 

Join us as we examine the key findings from the Black Duck 2024 DevSecOps report and discuss

• The state of DevSecOps across roles and technologies in light of AI-assisted development
• What a maturing DevSecOps program looks like, and which tools and practices foster growth
• How to integrate application security without impeding DevOps

DevSecOps in the Wild: Examining Global Security Factors in 2024

소프트웨어 공급망을 안전하게 보호하기 위해서는 소프트웨어 코드 안에 무엇이 있는지 알아야 합니다. AI 생성 코드가 도입되고 오픈소스 소프트웨어의 사용이 증가함에 따라, 소프트웨어에 어떤 위험이 내재되어 있는지 파악하는 일이 더욱 중요해졌습니다. 사실 작년만 해도 코드베이스의 81%에서 고위험 또는 극고위험 취약점이 발견되었습니다. 
이번 웨비나에서는 2025 “오픈소스 보안 및 위험 분석” 보고서를 통해 이러한 내용을 살펴봅니다. 

웨비나 주요 내용:  
• 오픈소스 소프트웨어 보안 현황 
• 보안 위험 완화 및 공급망 취약점 관리 요령 
• AI 코딩 도구의 보안 및 IP 위험 방지

2025 오픈소스 보안 및 위험 가이드

Open Source

Application Security

SBOM

SWSC

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

2025 오픈소스 보안 및 위험 가이드

Presented by

About this talk

More from this channel