The average enterprise today leverages hundreds of applications across multiple clouds. With the risk of cyber attacks and breaches looming large, application security is becoming a key area of focus for organizations.
Join this interactive Q&A panel of industry experts to learn more about:
- How to integrate application security testing into the DevOps process early on
- Why automation, speed and coverage are critical to the success of DevSecOps programs
- Speed vs Security: Where do you draw the line?
- Recommendations for improving security in 2019
Recorded Mar 5 2019, 43 mins
Jeffrey Martin, Senior Director of Product at WhiteSource and Anders Wallgren, VP of Technology Strategy at CloudBees
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security?
It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case.
Tune in to hear Jeff Martin, Senior Director of Product at WhiteSource and Anders Wallgren, VP of Technology Strategy at CloudBees, as they discuss:
- Why traditional DevOps has shifted, and what this will mean
- Who should own security in the age of DevOps
- Which tools and strategies are needed to implement continuous security throughout the DevOps pipeline
Jeffrey Martin, Senior Director of Product at WhiteSource and Fernando Diaz, Technical Marketing Manager at GitLab
GitLab helps you to scale security across your Continuous Integration (CI) process enabling developers to test their code with every code change, right in their existing workflow.
By seamlessly integrating WhiteSource’s security application testing solution in GitLab CI, we further reduce context switching and increase developer productivity. This enables developers and InfoSec professionals to work together to enhance application security in one integrated platform and continue shifting left.
Join us in learning how to leverage the GitLab developer’s workflow and the value of integrating WhiteSource’s security testing solution directly into that workflow.
We will share some best practices around shifting security left and demonstrate how to integrate WhiteSource into GitLab’s merge request pipeline and security dashboard.
Jeffrey Martin, Senior Director of Product and Sharon Sharlin, Product Marketing Manager
WhiteSource’s Annual Report on The State of Open Source Security Vulnerabilities in 2020 found that a record-breaking number of new open source security vulnerabilities was published in 2019.
In our research, we focused on open source security’s weakest and strongest points in the hopes of bringing some clarity to the fast-paced and complex space of known open source security vulnerabilities.
Join Jeffrey Martin, Senior Director of Product and Sharon Sharlin, Product Marketing Manager at WhiteSource as they discuss:
- How the open source community is evolving when it comes to security research and what to expect in 2020.
- Ways software development outfits can implement secure coding from the earliest stages of the DevOps pipeline.
- Best practices for development, DevOps, and Security teams to make sure they address the most critical issues to their software products’ security.
Have you considered what truly separates accidental vulnerabilities in open source from intentionally malicious releases? Although often grouped together as "vulnerabilities", malicious open source components are very different, right from their very creation through to the way you mitigate and remediate them as an end user. The past 12 months saw a record-breaking time for detection of malicious components in the world's most popular package registries.
Join Rhys Arkins, Director of Product, as he discusses:
1. The key differences between accidental vulnerabilities and malicious releases
2. How to manage the risk for each type of vulnerability
3. Lessons learned from the most interesting malicious packages spotted during 2019
Open source security, once viewed as an oxymoron, has come into its own as a way for organizations to secure their environments without breaking their bank. As a result, a plethora of open source security technologies have flooded the market, creating more opportunity as well as challenges and a healthy dose of confusion. The webinar looks at the state of the open source security market and trends in open source security, and examines some of the potential benefits and pitfalls.
Open Source has become the key building block for application development in today's market, where companies are under constant pressure to accelerate time to market.
The increasing adoption of open source components, however, has introduced new security challenges that most teams are not prepared to mitigate in their current posture.
Join the industry expert, at WhiteSource, as she presents the 5 approaches and best practices that security teams should implement in order to enable their developers to harness the power of open source without slowing them down or compromising on security.
In the run-up to KubeCon + CloudNativeCon Europe, we’ll examine what’s happening in the Kubernetes and containers landscape, including new technologies, services and ecosystems worth knowing about as well as changes looming on the horizon.
Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases.
This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements.
Today no one can claim ignorance about the need for an open source vulnerability strategy, so what is yours? Are you the fire alarm type, who prefers to sit tight unless a vulnerability alert is ringing in your inbox? Or are you the fire hose type, staying ahead of the game with a never-ending stream of open source updates to apply? Join Rhys as he discusses the pros and cons of these two approaches, as well as whether there's a magical middle ground between the two which doesn't involve a fire analogy.
Application security is a top priority today for companies that are developing software.
However, it is also becoming more challenging and complex as release frequency continues to rise, more open source components are adopted, and the requirements for data security are getting stricter.
Thanks to new DevOps practices and tools, development cycles are getting shorter, allowing organizations to meet market demands and deliver a superior customer experience, but is application security keeping up? How is it possible to develop at the speed of business, while also maintaining application security, particularly for open source components? Developers have a key role to play in balancing security with the need for rapid innovation.
Join Jeffrey Martin and Rhys Arkins, the Directors of Product at WhiteSource, as they discuss:
- The latest insights leading AppSec and open source security to shift left into early stages;
- Conclusions from our research that encompassed a survey of over 650 software developers worldwide;
- Strategies and tools that can be used to develop both quickly and securely.
Amid all the talk of shifting left, mingling the DevOps and Security tribes, and how we can do code better, faster and with more quality, a funny thing happened. Security vendors are developing security tools for devs and DevOps. The security team still pays for them, but they won't buy them without Dev and DevOps buy-in. What does this mean for 2020? Will we see better "quality (codeword for security)" in our apps? What should security teams be doing to make this happen? What should Devs and DevOps teams do to adopt these new developer-friendly tools? Is 2020 the year DevSecOps makes a difference?
Jeffrey Martin, Senior Director of Product at WhiteSource
Over the past few years, more and more companies have been turning to containerized environments to scale their applications.
However, keeping containers secure throughout the development life cycle presents many challenges to security and development teams. In order to address them, organizations need to adopt a new set of security processes and tools.
This session will focus on the three most vulnerable areas of container security and the best practices to help teams develop and deploy securely.
Join Jeffrey Martin, Senior Director of Product at WhiteSource, as he discusses:
- The top challenges to security in containerized environments
- How DevSecOps addresses security in containerized environments
- Tips and tricks for successfully incorporating security into the container lifecycle
DevSecOps sets out to relieve the costly and stressful delays that can occur when security testing is performed late in the game, by setting up processes and tools for "shifting left" so security testing can happen early and often. As organizations continue to embrace this DevSecOps approach, testing tools and practices are integrated even further left in the development pipeline.
Join Senior Product Manager, Shiri Ivtsan, as she discusses:
- Where and how developers are implementing DevSecOps in the SDLC;
- Best practices for developers to adopt DevSecOps and more efficiently handle vulnerabilities;
- Necessary steps for implementing a process for detection, prioritization, and remediation of open source vulnerabilities.
Jeffrey Martin, Director of Product at WhiteSource
The need to include security as part of the DevOps process is well-understood, and greater numbers of DevOps teams are shifting security left to ensure their applications are more secure. But how can an organization scale its DevSecOps efforts without introducing unnecessary friction in the software development life cycle? This webinar explores some of the pitfalls to avoid when looking to scale DevSecOps and offers tips to help organizations keep their DevSecOps efforts on track.
Jeffrey Martin (Director of Product) and Dan Garfield (Chief Technology Evangelist at Codefresh)
Container images are based on many direct and indirect open source dependencies, which most developers are not aware of. What are the security implications of only seeing the tip of the iceberg? What are the challenges one faces when relying so heavily on open source? And how can teams overcome these?
Join Codefresh and WhiteSource, as they embark on a journey to tackle:
- The container iceberg: learn what your blind spots are
- The main security challenges when using open source in containerized applications
- The role of automation in open source security in containers
- A live demo showing how WhiteSource & Codefresh can allow you to automate open source security in containers throughout the DevOps pipeline
The push to the cloud has introduced a previously unknown level of agility to many organizations, but sometimes at the expense of data security. Human error often is the cause of cloud security blunders, putting sensitive data at risk and causing real damage to companies in terms of financial liability and loss of reputation. This webinar discusses some of the more overlooked aspects of cloud security and offers up some best practices for ensuring data in the cloud is truly secure.
Containers are shaping the way organizations are developing and managing applications nowadays. However, many are not always fully aware of the measures that need to be taken across the entire software development lifecycle, especially when it comes to open source security aspects. The mindset of securing our applications needs to be shifted – to continuous security. In this session, Shiri Ivtsan, Product Manager at WhiteSource, will discuss:
1) the main security challenges organizations face when using containers;
2) the most common layers in a typical container deployment; and
3) 4 simple steps to build security into each layer.
Larry Maccherone (DevSecOps Transformation Leader at Comcast)
Many security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve.
Similarly, security groups believe that policy enforcement is their biggest (only?) lever... "If we can just update the policies to be more consumable/relevant/context aware/etc and get developers to pay attention, then magic will happen." But, policy enforcement rarely moves the needle and it creates a tense relationship between development and security that can do more harm than good.
This talk is a step-by-step framework for going from wherever you are now to getting on the path of DevSecOps cultural transformation. It addresses the mindset shift concerns for all relevant audiences. It addresses the mechanics of getting started and tracking progress. It's adaptable to any environment regardless of industry, technology, or maturity. Most importantly it's been proven in a highly diverse environment at Comcast.
Thanks to containerization and automation, applications are being developed and delivered faster than ever. With tools such as AWS ECR, developers are able to store, manage and deploy Docker container images without having to worry about operating their own container repositories or scaling the underlying infrastructure. With this, however, arise challenges around managing the security and compliance aspect of your container images. With tools such as WhiteSource, developers are able to manage the security of their containers and container images with no impact on agility and speed.
Join Shiri Ivtsan, Product Manager at WhiteSource and Carmen Puccio, Solutions Architect at AWS, as they discuss the following:
- Effectively managing and deploying your container images
- Gaining full visibility into your container images
- Building and automating security into each layer of the container environment to ensure a continuous process throughout the SDLC
- Demonstrating a live example using a vulnerable container image
An open source security and licenses management solution
WhiteSource allows engineering, security and compliance officers to effortlessly secure and manage the use of open source components in their software, allowing developers to focus on building great products. WhiteSource fully automates all open source management processes: component detection; security vulnerability alerts and fixes; license risk and compliance analysis along with policy enforcement; quality review; and new version alerts. It offers a complete suite of control, reporting and management to help software teams manage open source truly effortlessly. For more information about WhiteSource, visit http://www.whitesourcesoftware.com or follow us on Twitter: @whitesourcesoft
Improving Security in a DevOps World: Michelle McLean (StackRox), Azi Cohen (WhiteSource), Cindy Blake (GitLab), Vikram Kapoor (Lacework), 43 mins