The State of Open Source Security Management

How should organizations think about the open source components that they are using in their products? Why should organizations take steps toward open source vulnerability management? As open source management is widely adopted and has earned its place in the standard AppSec tool suite, discover how organizations should make the most of these tools and bring them into the development lifecycle.

Join Rami Sass for a video interview at RSA Conference 2019 to learn more about:
- Why is open source being so widely embraced by enterprises for their development nowadays?
- What are the risks when it comes to using open source components? Are open source libraries riskier than proprietary code?
- For those businesses that are ready to implement open source management and security, where should they start?
- Where do you see open source usage moving in the next 5 years? What challenges will companies need better solutions for?
Recorded Mar 6 2019 20 mins
Presented by
Rami Sass, CEO, WhiteSource & Vince Tocce, Host, Vince in the Bay Podcast
  • Dependency confusion - How easy is to Hack Into Organisations Oct 27 2021 5:00 pm UTC 61 mins
    Maciej Mansfield, S. Product Manager, WhiteSource; Eylam Milner, Co-Founder & CTO, Argon Security
    Join the experts as they describe various types of supply chain attacks which have been observed and blocked in the past year. They will discuss their experience defending against malicious packages and artifactory manipulation, and how this knowledge can be used to enhance your security across all ecosystems.
  • Software Supply Chain from Code to Production and back Recorded: Oct 20 2021 60 mins
    Maciej Mansfield, S. Product Manager, WhiteSource; Eylam Milner, Co-Founder & CTO, Argon Security; Marina Segal, Director of PM
    Growing usage of open-source software does not come without a price. The dependence of modern software on open source components opened the opportunity to exploit such software using the open-source components. This session should arm you with enough knowledge of the risks and countermeasures to avoid losing the race
  • Addressing Security Debt with a Developer-first Approach Recorded: Oct 13 2021 50 mins
    Shiri Arad Ivtsan, Director of Product
    As organizations struggle to keep the application layer secure, more security tasks are added to developers' already heavy workloads. The result: alert fatigue, friction between security and development teams and, ultimately, higher risk as security debt continues to grow. Clearly, requiring developers to become instant security experts is not a viable option. What are the barriers to integrating AppSec into development? How can organizations provide developers with the processes and tools that they need to ensure that AppSec is shifting left, and that security is addressed from the earliest stages of development?
  • Software Supply Chain from Code to Production and back Recorded: Oct 7 2021 60 mins
    Maciej Mansfield, S. Product Manager, WhiteSource; Eylam Milner, Co-Founder & CTO, Argon Security; Marina Segal, Director of PM
    Growing usage of open-source software does not come without a price. The dependence of modern software on open source components opened the opportunity to exploit such software using the open-source components. This session should arm you with enough knowledge of the risks and countermeasures to avoid losing the race
  • Addressing Security Debt with a Developer-first Approach Recorded: Oct 7 2021 50 mins
    Shiri Arad Ivtsan, Director of Product
    As organizations struggle to keep the application layer secure, more security tasks are added to developers' already heavy workloads. The result: alert fatigue, friction between security and development teams and, ultimately, higher risk as security debt continues to grow. Clearly, requiring developers to become instant security experts is not a viable option. What are the barriers to integrating AppSec into development? How can organizations provide developers with the processes and tools that they need to ensure that AppSec is shifting left, and that security is addressed from the earliest stages of development?
  • How to Reduce Enterprise Application Security Risks Recorded: Sep 30 2021 60 mins
    Jeffrey Martin, Associate VP Product & Lilach Aviad, Director of Product Marketing
    WhiteSource, in conjunction with Ponemon Institute, recently surveyed over 600 IT and IT security practitioners who are familiar with their organizations’ approach to securing applications – and here’s a spoiler: the highest level of security risk is considered by many organizations to be in the application layer. So what can Enterprise organizations do to reduce their application security risks? Join Jeffrey Martin, Associate VP Product at WhiteSource and Lilach Aviad, Director of Product Marketing, as they present:
    - Why applications are more vulnerable to attack than other areas of vulnerabilities.
    - Addressing vulnerabilities in enterprise applications
    - Best practices of high-performing organizations in reducing the application security risk.
  • Automating Open Source Security & Compliance in Global Cloud Communications Recorded: Sep 28 2021 49 mins
    Chris Wallace, P. Security Architect, Vonage | Valentine Weidel, Strategic Partner Alliances, AWS | Brian Rogers, Channel, WhiteSource
    With the growing adoption of software composition analysis (SCA), a technology that provides both developer-focused tools and governance solutions, more companies place developers, IT, security, and legal on the same page. This is the case of global cloud communications provider Vonage, which needed a SCA solution that could integrate both open source security and license compliance checks automatically throughout their SDLC.
    Join this webinar as Chris Wallace, Principal Security Architect from Vonage, and Brian Rogers, Channel Sales Engineer from WhiteSource, discuss:
    - Best practices to manage open source risks throughout the SDLC
    - How to reduce friction between security, development and compliance teams
    - Vonage’s best tips and insights of how they gained full visibility and control regarding their open source libraries
  • Automate AppSec in Your CI/CD With SCA & DAST Recorded: Sep 28 2021 60 mins
    Shiri Arad Ivtsan, Director of Product & Scott Gerlach, Co-founder and Chief Security Officer at StackHawk
    We live in the age of DevOps. For organizations, this means speed and automation. AppSec, on the other hand, is often seen as slow and manual. This poses the question: how can organizations keep up with the speed, without having to leave AppSec behind? Join Shiri Arad Ivtsan, Director of Product at WhiteSource, and Scott Gerlach, Co-founder and Chief Security Officer at StackHawk, as they discuss:
    · The current challenges & pitfalls with application security management today
    · Best practices for infusing automated, continuous security into your DevOps pipeline
    · The best AppSec tools to use in order to develop quickly and securely
  • Cyber Attacks from Open Source perspective Recorded: Sep 20 2021 41 mins
    Sam Quakenbush, Sales Engineer Manager at WhiteSource & Zvika Ronen, CTO at FOSSAware
    From SolarWinds to “Dependency confusion”, 2021 will be the year of open-source supply chain attacks, with an ever-growing number of hackers leveraging the increasing use of open source during software development to distribute malicious packages and exploit known vulnerabilities.
    Due to recent events, the software industry gained a deeper understanding about the potential risk of supply-chain attacks. Although this problem is complex with many aspects, solutions come faster when the problem is well-framed.
    In this webinar, we will suggest a simple framework for the open source vulnerability management challenge and a few ways to secure your software supply chain and reduce potential risk.
  • Dependency confusion - How easy is to Hack Into Organisations Recorded: Sep 14 2021 61 mins
    Maciej Mansfield, S. Product Manager, WhiteSource; Eylam Milner, Co-Founder & CTO, Argon Security
    Join the experts as they describe various types of supply chain attacks which have been observed and blocked in the past year. They will discuss their experience defending against malicious packages and artifactory manipulation, and how this knowledge can be used to enhance your security across all ecosystems.
  • AppSec is Dead. Long Live DevSecOps! Recorded: Aug 19 2021 27 mins
    Matias Madou, CTO & Co-founder, Secure Code Warrior
    In the ancient times of software creation, we had AppSec, and we had developers.
    Generally, AppSec was aware of security problems, their impact, and code-level fixes. However, these remedies would rarely work in the custom tech stack of the company. Fast-forward to today, and our demand for software is greater than ever before, as is the risk of data breaches from common vulnerabilities. The days of a hands-off security approach for developers are over, and with the right training and tools, they can take advantage of this process, upskill their security awareness and stand out among their peers.
  • API Security: When Failure looks like Success Recorded: Aug 18 2021 26 mins
    Keith Casey
    APIs have become fundamental to our teams. While we’d like to believe it was a carefully executed plan, let’s be honest - there’s as much luck as foresight in the mix. Luckily, success drives success so it's worked. Unfortunately, that success has cost us. APIs have become a devastating attack vector for apps that store everything from financial records to passport information to your dating interests. In this session, we’ll reconsider some of our earliest assumptions and lay out some strategies for bringing our APIs out of the shadows and protecting ourselves, our partners, and our customers.
  • Dependency confusion - How easy is to Hack Into Organisations Recorded: Aug 11 2021 61 mins
    Maciej Mansfield, S. Product Manager, WhiteSource; Eylam Milner, Co-Founder & CTO, Argon Security
    Join the experts as they describe various types of supply chain attacks which have been observed and blocked in the past year. They will discuss their experience defending against malicious packages and artifactory manipulation, and how this knowledge can be used to enhance your security across all ecosystems.
  • Threat Modeling: Finding the Worst Vulnerabilities You'll Never Write Recorded: Aug 3 2021 58 mins
    Matthew Butler
    Threat Modeling is fundamental to understanding risk. We do it every day: driving a car, crossing a street, walking alone at night in a strange city. Darkness, isolation, insecurity, vulnerability all trigger our threat modeling instincts. And that's exactly where our systems operate. In this talk, we'll see how to use threat modeling to find the worst vulnerabilities hidden in the complexity of our systems by uncovering architectural flaws early, exposing attack surfaces, and identifying attack vectors. You can't code your way out of a bad architecture but you can threat model your way out.
  • Dependency confusion - How easy is to Hack Into Organisations Recorded: Jul 31 2021 61 mins
    Maciej Mansfield, S. Product Manager, WhiteSource; Eylam Milner, Co-Founder & CTO, Argon Security
    Join the experts as they describe various types of supply chain attacks which have been observed and blocked in the past year. They will discuss their experience defending against malicious packages and artifactory manipulation, and how this knowledge can be used to enhance your security across all ecosystems.
  • Cyber Attacks from an Open Source perspective Recorded: Jul 27 2021 41 mins
    Sam Quakenbush, Sales Engineer Manager at WhiteSource & Zvika Ronen, CTO at FOSSAware
    From SolarWinds to “Dependency confusion”, 2021 will be the year of open-source supply chain attacks, with an ever-growing number of hackers leveraging the increasing use of open source during software development to distribute malicious packages and exploit known vulnerabilities.
    Due to recent events, the software industry gained a deeper understanding about the potential risk of supply-chain attacks. Although this problem is complex with many aspects, solutions come faster when the problem is well-framed.
    In this webinar, we will suggest a simple framework for the open source vulnerability management challenge and a few ways to secure your software supply chain and reduce potential risk.
  • Embarking on Digital Transformation with DevSecOps Recorded: Jul 20 2021 61 mins
    Erik Larson, R. Director and Lead Cloud Practitioner, Crosslake; Brian Rogers, S. Engineer Global Channels, WhiteSource
    Digital transformation has become a key foundational change in how organizations deliver value to their customers. Especially in the wake of the coronavirus pandemic, IT organizations have been embarking on Agile and DevOps transformations at scale to achieve Digital Transformations. However, too often, a key component is left behind - the subject of security. Organizations must reassess their security strategies and infrastructure especially when moving to the cloud which requires security tools that enable secure coding and vulnerability remediation.
    Join Erik Larson, Regional Director and Lead Cloud Practitioner from Crosslake, and Brian Rogers, Solutions Engineer Global Channels and Alliances from WhiteSource, as they discuss:
    - How IT Organizations should embark on DevOps Transformation journeys to improve their chances of success
    - What are the application security technologies that are important to implement in order to face modern threats
    - Best practices of high performing organizations in reducing the application security risk
  • The Main Application Security Technologies to adopt in 2021 Recorded: Jul 13 2021 49 mins
    Shiri Arad Ivtsan, Director of Product at WhiteSource
    It's no secret that 2020 was a difficult year. The pandemic, and as a result, the lockdowns and quarantines sent tens of millions of global workers home, and the remote work caused a dramatic increase in the number of ransomware, phishing attacks, and accidental breaches by employees working at home.
    Despite the increases in these exploits, the application layer continues to be the most attacked and the hardest to defend.

    Join Shiri Arad Ivtsan, Director of Product at WhiteSource, as she shows:
    - What are the three AppSec technologies organizations should implement in the next year
    - How to keep organizations’ application security posture up to date and resistant to modern threats
    - Best practices when implementing each technology.
  • Why empowering developers is a game changer for application security Recorded: Jun 30 2021 59 mins
    Maciej Mansfield, S. Product Manager, WhiteSource; Nicolas Bontoux, PMM & Kirti Joshi, PMM at SonarSource
    The 'Shift Left' mindset is a major game changer for Application Security. Not only is it a paradigm shift in the way developers (not just security teams) use these tools, but also how they are built and integrated into workflows.
    In this webinar, SonarSource and WhiteSource will share real-life insights and learnings on how empowering developers with the right tools positively impacts application security. Through the lens of different technologies (SAST & SCA) you will discover the foundations of developer adoption of security tooling, how it pairs with workflows already in place, and how teams can directly benefit from them. Join us to hear more from our Product Teams in person!
  • Shifting Priorities of Digital Native Security Recorded: Jun 22 2021 57 mins
    Rhys A., Director PM at WhiteSource; Michiel P., CO.F&PL at HackerOne; Scott W., PSA at AWS; Dragan P., S. Director AppSecurity, IGT
    When shifting to or even starting out as a Digital Native company, there naturally comes new security topics which companies need to be aware of, including access control, auditing and disclosure.
    But there has also been a shift in older security topics as well, including some being less of a concern. As a result, there’s a need to enable security teams with higher visibility, scalability and expertise to adapt to an evolving digital ecosystem.
    For example, should a modern security strategy be based on the assumptions that source code will never be leaked, or that "internal" networks will never be breached?
    In this Roundtable, our experts will discuss:
    1. The challenge for cybersecurity teams is finding effective ways to deliver and maintain security at the speed of digital transformation.
    2. How can modern security platforms help organizations stay ahead of potential threats?
    3. How has the relative importance of security threats changed as companies and products shift to being digital natives?
An open source security and licenses management solution
WhiteSource allows engineering, security and compliance officers to effortlessly secure and manage the use of open source components in their software, allowing developers to focus on building great products. WhiteSource fully automates all open source management processes: component detection; security vulnerability alerts and fixes; license risk and compliance analysis along with policy enforcement; quality review; and new version alerts. It offers a complete suite of control, reporting and management to help software teams manage open source truly effortlessly. For more information about WhiteSource, visit http://www.whitesourcesoftware.com or follow us on Twitter: @whitesourcesoft
