Name: [웨비나] 오픈소스 리스크 관리: 사례 분석 및 Black Duck SCA 신규 기능 업데이트
Start: 2025-07-23T06:00:00Z
End: 2025-07-23T06:00:45.000Z
Location: BrightTALK
Rating: 0

Black Duck® offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software.

This year’s DevSecOps report defines a vivid image of organizations’ journey to secure their software development pipelines. It provides intriguing conclusions about operational challenges, AppSec efficiency, and evolving risk exposure amid the rise of AI-assisted development. Did you know that although 85% of respondents have some measures in place to address the challenges posed by AI-generated code, only 24% are “very confident” in their policies and processes for testing such code? 

Join us as we examine the key findings from the Black Duck 2024 DevSecOps report and discuss

• The state of DevSecOps across roles and technologies in light of AI-assisted development
• What a maturing DevSecOps program looks like, and which tools and practices foster growth
• How to integrate application security without impeding DevOps

DevSecOps in the Wild: Examining Global Security Factors in 2024

On the surface, representation and warranties insurance (RWI) is just a tool to protect a buyer against financial losses due to a breach of a seller/target’s representation and warranties in an acquisition agreement. For dealmakers though, RWI can be used more strategically to overcome certain obstacles and help facilitate closing transactions. So how does RWI actually work?   

Join this fireside chat-style webinar to get an understanding of what RWI is and how it can benefit both parties in a transaction. We’ll cover:   

• The types of transactions that typically utilize RWI 
• How insurers assess risk and the process to obtain RWI
• Common due diligence pitfalls and technology-related solutions that can bridge the gap

Representation and Warranties Insurance: How to Navigate M&A Risks

Join two of our cybersecurity experts for a lightning round that cuts through the hype and addresses the immediate challenges of AI in software development. We'll explore the paradigm shift that is reshaping creativity and problem-solving in development, the new frontier of AI-influenced software risk, and discuss ways in which AI coding assistants and open source AI models form the next evolution of the software supply chain crisis.
 
This session charts a course from high-level business concerns directly to the developer experience, examining:
- The business and contractual liabilities that arise when AI-generated code enters your products.
- New, instinct-driven "vibe programming" and the debate over whether this emerging methodology is a sustainable path to innovation or a source of unpredictable risk.
- How AI coding assistance alters hiring strategies and the critical role of code review by security-capable developers in an AI-driven workflow.
- Emerging attack vectors tied to the growing use of open-source AI models.
- Viable paths forward to harness the power of AI, manage its inherent risks, and minimize organizational disruption by establishing resilient and scalable safety nets within your pipeline.

AI-Assisted Disruption: How Change Impacts Dev and Sec as Organizations Pivot to AI

Join us to explore how to effectively leverage the new Defensics UI for fuzz testing. In this webinar, you’ll gain valuable insights into configuring test suites within the enhanced Black Duck Defensics UI. We’ll walk through key features including instrumentations, sequence editing, and reporting, ensuring you’re well-equipped to streamline your testing process.

Defensics- New UI Overview

In February 2024, the NIST Cybersecurity Framework (CSF) 2.0 update was released, featuring the latest advancements. This update brings a host of transformative changes, expanding the framework's scope. It also provides stronger governance and supply chain risk management. There are also refining metrics for assessing cybersecurity effectiveness. 

Join this webinar to learn about
• The long-anticipated CSF 2.0 update
• The implications of the changes in the 2.0 update 
• Leveraging these changes to improve current cybersecurity programs

Embracing the Future of Cybersecurity with NIST CSF 2.0

The Common Vulnerabilities and Exposures (CVE) system allows interested parties to track all the relevant information about a specific vulnerability. It helps avoid duplication and allows software vendors and users alike to ensure that they are referring to the same vulnerability in their efforts to protect systems against attack. 

In this 15 minute session, you’ll gain
• An understanding of what the CVE system is
• Knowledge of the stakeholders involved 
• Insight into the elements of a CVE ID
• A walkthrough of the CVE Record Lifecycle

CVE Explained

Application security teams face an impossible task: securing ever-growing codebases, pipelines, and technologies with limited resources. Security Champions offer a scalable, sustainable way to extend security reach—by embedding security-aware developers directly into engineering teams. In this session, we’ll explore how Champions act as force multipliers for AppSec, strengthen team collaboration, and drive secure development practices from within.

In this session, we will discuss
• Common obstacles to secure development and misalignment between security and development
• How Champions can bridge the gaps through ongoing collaboration
• Key steps to building and sustaining a successful Champions program
• Strategies to foster a collaborative, security-aware development culture

Security Champions: Scaling Security Through Collaboration

The latest “Building Security in Maturity Model” (BSIMM) report, based on data from 121 firms, reveals critical trends shaping the future of application security. Since its start in 2008, the BSIMM report has been a trusted resource for organizations navigating the challenges of securing software.

This webinar will dive into the key findings of BSIMM15, including
- The transformative role of AI/ML in software development and security
- Managing risks in the increasingly vulnerable software supply chain
- The surprising decline in security awareness training
- How the “shift everywhere” approach is evolving to meet the needs of emerging technologies

Join us to uncover actionable strategies to strengthen your application security program in an era of rapid change.

BSIMM15 Insights: Trends Shaping Software Security in 2025

Polaris offers a full suite of AppSec solutions from SAST, SCA to DAST and it continues to enhance your experience with powerful new features designed to streamline your workflow. In this webinar, you’ll discover three impactful new capabilities: Automatic Onboarding with GitHub, an improved Triage Approval workflow, and SAST Rapid Scanning. Join us for a live demonstration, learn practical tips to leverage these enhancements. The session will follow a brief Q&A. This live event is targeted for developers, product managers and adopters of all knowledge levels interested in learning what’s new in Polaris.

What's new in Polaris?

With software development accelerating in the AI era, there are even more sources of vulnerabilities to track. Managing this is an enormously complex task, as organizations are already struggling to unify data across disparate tools for testing, SCM, and reporting. As more organizations adopt AI-assisted development, existing issues with fragmented risk visibility will only get bigger. 
 
In this webinar, you will learn about capabilities for achieving a high-fidelity, organizational view of risk posture to better streamline auditing, visualize AppSec gaps, and identify your most vulnerable software. We will talk about necessary capabilities for aggregating key sources of data, standardizing risk scoring, and how you can set up the right technical foundations for success.

Contextualizing Risk in the Age of AI Development

Application security hasn’t gotten any simpler—especially as AI accelerates the way software is built. More code, more complexity, and more fragmented tooling make it harder to answer a basic question: Where are we exposed?  

This session explores how teams can regain clarity at the first step of any risk management program. That means identifying what’s running, what’s been tested, and what needs attention. We’ll look at how automation, speed, and policy can work together to improve visibility without slowing delivery.  

As part of Black Duck’s broader approach to application risk management, we’ll also show how solutions like Black Duck Polaris™ Platform scales with the way modern teams build software.

Identifying Risk in the Age of AI-Assisted Development

There are three regulations that every software development team should be aware of: NIST Secure Software Development Framework (SSDF), the EU Cyber Resilience Act (CRA), and the FDA Cybersecurity Requirements for Medical Devices. What’s your regulation IQ? 

Join this webinar to learn how to navigate these regulations to secure your software supply chain. We’ll cover:  

- Key requirements, commonalities, and differences across the three regulations  
- The importance of an SBOM in dependency tracking and risk management 
- Best practices for complying with these cybersecurity standards  

Register now.

Software Supply Chain Security: Navigating NIST, CRA, and FDA Regulations

AI coding assistants are transforming business, with adoption driven both by developers seeking help and by executives seeking savings. But this evolution should not come at the cost of enterprise security or valuable intellectual property. This session explores the most urgent challenges created by AI-enabled development, contrasted by the most effective methods to mitigate them without breaking DevOps pipelines.  

Whether you are advocating for change or evaluating your options, join us as we discuss:  

- Practical solutions for rapid, automated security testing integrated within CI/CD pipelines 
- AI-powered security tools that help developers to embrace AI and security teams to accelerate at the pace of AI 
- Mechanisms to protect valuable intellectual property as AI code generators leverage licensed source material 
- Emerging attack vectors baked into open source AI models and how to address them

Embrace AI coding assistants while efficiently managing risk

Security is becoming an increasingly important dimension of software due diligence in M&A. Cyber-attacks are on the rise and cyber-security tends to get greater attention during M&A, since acquirers don’t want to take on the next big security breach.  What’s the best way to assess a target’s software security posture? 

Join the experts who have managed hundreds of security due diligence projects to understand why security should be a key pillar of diligence. We’ll cover:   

- The security challenges that keep buyers up at night 
- Where to look and what questions to ask to uncover risk 
- Software due diligence best practices around security 

Register now.

Securing the Deal: How to Assess Software Security in M&A

CISOs must ensure their organizations comply with various cybersecurity regulations and industry standards. Each industry has its own hodgepodge of requirements and states are beginning to roll out their own regulatory mandates. Would adopting a risk management framework help you prioritize and address risks and achieve compliance? How can your enterprise satisfy auditors that sensitive data is being handled securely? And how can you prove that to regulators following a breach? In this webinar, experts discuss the impact of tightening compliance and privacy rules — and enforcement — on the way enterprises approach cybersecurity, and how you can meet their requirements going forward.

During this webinar you will: 

- Get an overview of the shifting regulatory environment  
- Hear how organizations are using tooling to tackle regulatory challenges 
- Get best practices for avoiding enforcement actions from regulators

How CISOs Navigate the Regulatory and Compliance Maze

Securing your software supply chain begins with knowing what’s in your code. With AI-generated code and ubiquitous open source software use, it’s never been more critical to understand what risks your software may contain. In fact, last year alone we found that 81% of codebases contained a high-/critical risk vulnerability.
 
Join this webinar as we explore the findings from the 2025 “Open Source Security and Risk Analysis” report. We’ll cover:
 
• The state of open source software security
• Tips for mitigating risks and keeping vulnerabilities out of your supply chain
• How to protect against security and IP risks from AI coding tools

The 2025 Guide to Open Source Security and Risk

Software is the backbone of many businesses today. Even though secure and reliable code is important, it's harder than ever to follow coding rules because apps are complex, open source is common, and security threats keep changing.

In this webinar, we’ll discuss:  
• How policy-driven scans help ensure your software meets compliance 
• Testing your software early in the SDLC when issues are easiest to resolve 
• Tracking and prioritizing the defects that are most critical to your software 
• Generating custom reports that prove compliance to your leadership team  

Ensure your software complies with the coding standards that are most important to your business. Register today.

Proving Code Compliance to Leadership

Generative artificial intelligence (GAI) will fundamentally change the way that software is built. Whether they are developing or using AI tools, organizations must understand the opportunities and risks involved, and evolve governance, policies and processes to address those risks.

Join this webinar for a deep dive into the issues that arise when using GAI in software development. We’ll cover:

• Open source data and software licenses and risks with AI
• Licensing and clearance considerations for materials used to train AI models
• Licensing considerations in building, training, and using AI models
• A deep dive on GitHub Copilot, including implications of the class action suit

Generative AI, Training Data, Open Source, and GitHub Copilot, Oh My!

소프트웨어 개발에서 오픈소스를 사용하는 경우는 꾸준하게 증가하고 있으며, 최근에는 AI를 개발에 활용하면서 증가세가 더욱 가파르게 변하고 있습니다. 오픈소스 라이선스 분쟁 사례를 통해, 오픈소스 사용과 AI를 통한 코드 개발에서 라이선스 측면에서는 어떤 부분을 더 신경써야 할 지 알아봅니다. 그리고, Black Duck SCA 솔루션에 최근 들어가 새로운 기능에 대해서도 간략하게 소개합니다.

이 웨비나에 참석하여 자세히 알아보세요
 
• 오픈소스는 무료이지만 사용에는 법적인 책임이 따릅니다
• 오픈소스 라이선스는 저작권을 넘어서 사용자와의 계약
• Black Duck SCA 2025.4.0 의 새로운 정책 기능과 KB 업데이트

[웨비나] 오픈소스 리스크 관리: 사례 분석 및 Black Duck SCA 신규 기능 업데이트

Open Source

DevSecOps

AppSec

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

[웨비나] 오픈소스 리스크 관리: 사례 분석 및 Black Duck SCA 신규 기능 업데이트

Presented by

About this talk

More from this channel