How To Ship Secure Code With Confidence

It is estimated that, globally, 111 billion lines of code are produced every single year. In a rapidly digitizing world, that number is only set to grow larger, along with the potential for more security issues. We are facing an uphill battle against a general AppSec skills shortage, the need to produce at the speed of company innovation, and siloed teams not working towards the same application security goals. With over 4 billion records stolen as a result of data breaches in 2019 alone, this has to change.

Security awareness programmes remain a powerful, yet underutilised tool to inspire organizations to stay security-focused and engage teams to do their part in the fight against vulnerable code. With the right security awareness programme, you can effectively bridge the gap between the AppSec and dev cohorts, fostering a positive and collaborative culture to achieve common goals and create a better standard of software.
Recorded Nov 11 2020, 38 mins
Presented by Matias Madou, CTO, Secure Code Warrior
  • Secure Coding Best Practices May 25 2021 5:00 pm UTC 58 mins
    Matthew Butler, Principal Engineer
    Computer systems are under siege 24 hours a day, day in and day out. The critical security infrastructure designed to protect those systems won’t. The other side has the best security hardware and software systems other people’s money can buy, and they have all the time in the world to find creative ways to defeat them. Meltdown and Spectre are prime examples of security vulnerabilities that lurked dormant for decades. Or have they? If your systems are in any way connected to the outside world, the other side will get inside the wire on you. Know that going in.

    Whether you write applications, libraries or work in kernel code, the line of code you write today may very well be the vulnerability someone else finds tomorrow. By nature, every code base contains hundreds of attack surfaces and it only takes one serious vulnerability to compromise your system.

    In this talk we’ll see:

    -How hackers think and how they identify weaknesses in our systems.
    -How to identify hidden attack surfaces, attack vectors and vulnerabilities in critical systems.
    -Where the most common vulnerabilities in modern software development are and how to avoid them.
    -Why common guidelines and static analysis tools often fail to find vulnerabilities.
    -How to use Threat Modeling to analyze complex systems and build security into our systems at design time.
    -How to use Trust Boundaries to protect critical infrastructure.
    -Why open source and third-party libraries are fast becoming hidden liabilities in our software and how to protect ourselves against their vulnerabilities.
    -What the best practices for protecting our code from attack are.


    The critical security infrastructure designed to protect your systems is largely out of your control. The one thing you can control is the next line of code you write. This talk is for anyone who writes kernel code, applications, or libraries that run in the real world and face real-world attacks.

    In today’s world, that’s all of us.
  • Cyber Attacks from Open Source perspective May 20 2021 5:00 pm UTC 41 mins
    Sam Quakenbush, Sales Engineer Manager at WhiteSource & Zvika Ronen, CTO at FOSSAware
    From SolarWinds to “dependency confusion”, 2021 will be the year of open-source supply chain attacks, with an ever-growing number of attackers leveraging the increasing use of open source during software development to distribute malicious packages and exploit known vulnerabilities.
    Due to recent events, the software industry has gained a deeper understanding of the potential risk of supply-chain attacks. Although this problem is complex with many aspects, solutions come faster when the problem is well framed.
    In this webinar, we will suggest a simple framework for the open source vulnerability management challenge and a few ways to secure your software supply chain and reduce potential risk.
  • Open Source Security: How to Lay the Groundwork for a Secure Culture May 18 2021 5:00 pm UTC 46 mins
    Guy Bar Gil, Product Manager
    Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases.

    This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements.
  • DevSecOps: Closing the Loop from Detection to Remediation Recorded: May 11 2021 60 mins
    Shiri Ivtsan, Senior Product Manager
    DevSecOps sets out to relieve the costly and stressful delays that can occur when security testing is performed late in the game, by setting up processes and tools for "shifting left" so security testing can happen early and often. As organizations continue to embrace this DevSecOps approach, testing tools and practices are integrated even further left in the development pipeline.

    Join Senior Product Manager, Shiri Ivtsan, as she discusses:

    - Where and how developers are implementing DevSecOps in the SDLC;
    - Best practices for developers to adopt DevSecOps and more efficiently handle vulnerabilities;
    - Necessary steps for implementing a process for detection, prioritization, and remediation of open source vulnerabilities.
  • From Zero to Hero: Continuous Container Security in 4 Simple Steps Recorded: May 4 2021 58 mins
    Shiri Ivtsan, Product Manager at WhiteSource
    Containers are shaping the way organizations develop and manage applications nowadays. However, many are not always fully aware of the measures that need to be taken across the entire software development lifecycle, especially when it comes to open source security. The mindset of securing our applications needs to shift to continuous security. In this session, Shiri Ivtsan, Product Manager at WhiteSource, will discuss:

    1) the main security challenges organizations face when using containers;

    2) the most common layers in a typical container deployment; and

    3) 4 simple steps to build security into each layer.
  • Cyber Attacks from Open Source perspective Recorded: May 2 2021 41 mins
    Sam Quakenbush, Sales Engineer Manager at WhiteSource & Zvika Ronen, CTO at FOSSAware
  • AWS Oil and Gas Roundtable Recorded: Apr 27 2021 52 mins
    Jason Hammond, Head SE, WhiteSource; Paco Hope, CSS, AWS; Vivek Wandile, SA, Wipro; Adam Jordan, Capability Center Lead, Shell
    As part of their journey to Digital Transformation, Oil & Gas enterprises are shifting their focus on becoming agile through DevOps in order to provide efficiency and productivity. Because there is no single standard DevOps methodology, many companies are finding it challenging to manage security requirements, which contributes to a slow start, slow delivery, and overall difficulty to scale.

    In this roundtable, we will discuss the challenges, the risks, and the different methodologies available to enforce security and compliance throughout the Software Development Lifecycle (SDLC) without having to compromise on security or agility while addressing the objectives of The Open Group Open Subsurface Data Universe (OSDU) Forum.

    Key outcomes from the session:
    - Identify key application security requirements and learn how to deliver secure code at the speed of DevOps
    - Learn how to achieve compliance with OSS licenses according to company policies and industry regulations
    - Learn how to increase developer agility and decrease capital expenses
  • Automate AppSec in Your CI/CD With SCA & DAST Recorded: Apr 20 2021 59 mins
    Shiri Arad Ivtsan, Director of Product at WhiteSource, & Scott Gerlach, Co-founder and Chief Security Officer at StackHawk
    We live in the age of DevOps. For organizations, this means speed and automation. AppSec, on the other hand, is often seen as slow and manual. This poses the question: how can organizations keep up with the speed without leaving AppSec behind? Join Shiri Arad Ivtsan, Director of Product at WhiteSource, and Scott Gerlach, Co-founder and Chief Security Officer at StackHawk, as they discuss:
    · The current challenges and pitfalls with application security management today
    · Best practices for infusing automated, continuous security into your DevOps pipeline
    · The best AppSec tools to use in order to develop quickly and securely
  • AWS Oil and Gas Roundtable Recorded: Apr 19 2021 52 mins
    Jason Hammond, Head SE, WhiteSource; Paco Hope, CSS, AWS; Vivek Wandile, SA, Wipro; Adam Jordan, Capability Center Lead, Shell
  • The Main Application Security Technologies to adopt in 2021 Recorded: Apr 13 2021 48 mins
    Shiri Arad Ivtsan, Director of Product at WhiteSource
    It's no secret that 2020 was a difficult year. The pandemic, and the lockdowns and quarantines that followed, sent tens of millions of workers home, and remote work caused a dramatic increase in ransomware, phishing attacks, and accidental breaches by employees working from home.
    Despite the increases in these exploits, the application layer continues to be the most attacked and the hardest to defend.
    Join Shiri Arad Ivtsan, Director of Product at WhiteSource, as she shows:
    -What are the three AppSec technologies organizations should implement in the next year
    -How to keep organizations’ application security posture up to date and resistant to modern threats
    -Best practices when implementing each technology.
  • Tackling Open Source Governance in the Enterprise Recorded: Apr 6 2021 60 mins
    Jeff Martin, Associate VP Product Management, and Eric Tice, Director, Global Open Source SME Lead at Wipro Limited
    The growing scale of Open Source adoption requires organizations to invest in implementing the right toolsets and processes to govern an increasingly complex Open Source licensing landscape, as well as minimize the potential legal risks.
    The application of these policies and processes can be collectively referred to as an Open Source Governance framework.
    Investing in industry-proven tools and using them during the appropriate phases of the SDLC will allow an organization to implement a scalable and reliable open source governance framework that reduces risk and the potential for compliance-related issues across the enterprise.
    In this webinar, our experts will discuss how to build a strong Open source governance framework and review the appropriate tools that can benefit organizations to ensure Open Source compliance and risk mitigation.
  • Selecting Right Technology Solution as Part of Your Conformance to OpenChain ISO Recorded: Mar 29 2021 62 mins
    Shiri Arad Ivtsan, Director of Product, WhiteSource; Shane Coughlan, GM, OpenChain; & Martin Callinan, Director, Source Code Control
    OpenChain ISO/IEC 5230 is the International Standard for open source license compliance. Its relevance to modern software development is growing, and it allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program.
    The need to manage the software supply chain has never been more important given the ever-increasing dependence on third party open source to deliver software solutions at speed.
    In order to reach that standard, it is vital to have the right Software Composition Analysis tool that performs automated scans of an application’s code base, including related artifacts such as containers and registries, to identify all open source components as well as their license compliance data.

    In this webinar, our experts will present how the OpenChain Specification evolved to become an ISO standard, and will discuss the importance of choosing the right SCA tool for organizations to adopt, so they can focus on value-added activities that drive the success of their businesses.
  • Simplifying Open Source Cyber Security Risks Recorded: Mar 22 2021 49 mins
    Shiri Arad Ivtsan, Director of Product at WhiteSource; Yaniv Ozerzon, CEO, and Zvika Ronen, CTO, at FOSSAware
    Encompassing over two-thirds of the average commercial software product, open source has become an essential part of modern software development. Under-managing the consumption and redistribution of open source exposes the enterprise to extensive legal and security risks and is no longer a viable option. Having an effective open source compliance program is a key differentiator marking industry-leading enterprise companies such as Google, Microsoft, and others. With over 450 open source components in the average application, choosing the right Software Composition Analysis (SCA) application is a key decision for minimizing open source-associated risks.

    In this webinar, our experts will discuss the importance of choosing the right SCA tools as part of an effective open source compliance program, and the new ISO standard (ISO/IEC 5230) for open source license compliance.
  • How to Reduce Enterprise Application Security Risks Recorded: Mar 17 2021 59 mins
    Jeffrey Martin, Associate VP Product, & Lilach Aviad, Director of Product Marketing
    WhiteSource, in conjunction with Ponemon Institute, recently surveyed over 600 IT and IT security practitioners who are familiar with their organizations’ approach to securing applications, and here’s a spoiler: many organizations consider the application layer to carry the highest level of security risk. So what can enterprise organizations do to reduce their application security risks? Join Jeffrey Martin, Associate VP Product at WhiteSource, and Lilach Aviad, Director of Product Marketing, as they present:
    - Why applications are more vulnerable to attack than other areas.
    - Addressing vulnerabilities in enterprise applications.
    - Best practices of high-performing organizations in reducing application security risk.
  • Best Practices for Developers to Master Security Recorded: Mar 8 2021 44 mins
    Shiri Arad Ivtsan, Director of Product & Anna Rozin, Director of R&D at WhiteSource
    When you ask developers what they think of security, they will likely approach the subject without much enthusiasm, because in their mind security is slowing them down and holding them back from doing their "actual" job. But it doesn't necessarily have to be that way. The friction between developers and security teams can be reduced if the right tools and processes are in place.
    Want to learn how handling security can be quick, efficient, and integrate into daily workflows?
    Join Anna Rozin, Director of R&D at WhiteSource, and Shiri Arad Ivtsan, Director of Product at WhiteSource, who will share their hands-on experience in managing open source components with WhiteSource tools. In this webinar, you'll learn:
    - Practical advice on testing, managing and fixing vulnerabilities in open source code packages
    - The tools and processes to handle security in a fast and effective way
    - How to empower developers with security data through prioritization and remediation tips
  • Early Warning Signs For Open Source Breakages Recorded: Feb 25 2021 22 mins
    Rhys Arkins, Director of Product Management
    Despite best intentions, Open Source releases with regression errors are published every day.
    In the best case scenario, a downstream user detects it early thanks to good tests, files an issue, and the maintainer can fix it before too many people have upgraded.
    Other scenarios involve various degrees of brokenness and games of "is it broken for everyone or just me?".

    Renovate Bot is an open source dependency automation tool which is also run as a free app on github.com, where it is installed into almost 200,000 repositories.
    A feature called "Merge Confidence" helps downstream users know if a release is likely good or not based on automatically sourced crowd data (tests, deployments, rollbacks). Now we are planning to turn the focus upstream to help open source maintainers get an early indication of accidentally breaking releases and even provide a mechanism for downstream users to opt into silent pre-release testing so that major features can be smoke tested downstream before release.
  • AppSec 2021: What’s Next? Recorded: Feb 23 2021 20 mins
    Shiri Arad Ivtsan, Director of Product Management at WhiteSource
    2020 has been an interesting year to say the least! So how can we go into 2021 prepared for what's to come? Looking at the AppSec world, we can surely say that application security is an essential part of the software development lifecycle, and making sure it is secured should be our top priority in today’s ever-evolving and expanding digital ecosystem.

    Organizations today invest a lot of time and money in tools and processes that help them secure their applications and they will continue on doing that in 2021.

    But are they putting their money in the right place? How can software development organizations make sure that they have all the tools and processes in place to effectively address the many threats to application security?

    Join Shiri Arad Ivtsan, Director of Product Management at WhiteSource as she discusses:

    1. The most common external attack methods in the year to come and the main AppSec technologies we will use in 2021

    2. The maturity model of application security and the importance of DevSecOps

    3. How to keep up in order to protect against current threats to your applications.
  • The State of Open Source Security & Compliance: Best Practices Recorded: Feb 16 2021 51 mins
    Jason Hammond, Director of Solution Engineering at WhiteSource
    Open source components have become a fundamental part of modern software applications. With the massive growth of open source vulnerabilities over the past few years, the overall landscape of ensuring security, quality, and compliance might seem complex and challenging.

    There are ways to gain visibility and control over the open source components that make up the products that we release, but we must first address the risks so we can take the proper measures to avoid them.

    In this session you’ll discover:
    * How to address the needs of the entire organization, gain visibility and control, and prevent risk.
    * Where a vulnerable functionality is referenced within the code, so you can address and remediate the most critical issues and reduce security alerts by 85%
    * How to automate identifying all licenses attached to the dependencies whenever a new open source component is added to the build.
  • Open Source Security & Compliance for Containers and Serverless Functions Recorded: Feb 9 2021 44 mins
    Jason Hammond, Director of Solution Engineering at WhiteSource
    Nearly all cloud providers offer serverless capabilities and support containerized deployment of their customers’ applications. As organizations begin or continue to integrate serverless functions and containerized deployment into their operations, they will need to take the necessary precautions to ensure that their serverless functions and container images are secure.

    In this session you will learn why it is important to scan container images and serverless computing environments for open source libraries, and best practices for doing so, including:

    * Continuous scanning and monitoring of open source use in container images and serverless functions
    * Building a comprehensive inventory of open source libraries used in containers and serverless functions
    * Policy-driven management of security vulnerabilities and license compliance in container images and serverless functions
  • Financial Services: Building Agility and Security Recorded: Jan 27 2021 49 mins
    Jason Hammond, Director of Solution Engineering at WhiteSource
    Technology is rapidly reshaping the financial services workforce. In 2004 the Federal Financial Institutions Examination Council (FFIEC) released the "Risk Management for the Use of Free and Open Source Software" guidance. This guidance reviews the risks and controls associated with the use of free and open source software (FOSS).

    Since open source components are an integral part of any software solution, their use must be carefully managed, documented and reported. However, many organizations still face security and compliance issues that, if not addressed, could cost them millions and even billions of dollars.

    Discover how financial service organizations can enhance operational risk management while ensuring speed and agility.

    In this webcast, we'll cover:
    - How to increase confidence in your development process with the ability to audit, review and automate security scans as a core part of the development lifecycle.
    - Best practices when incorporating security early in the developer's workflow
    - How to create a trusted pipeline
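Several of the listings above (the "Cyber Attacks from Open Source perspective" webinar on dependency confusion, and the DevSecOps and container sessions on continuous scanning) describe the supply chain problem but not a concrete check. The script below is an added example, not code from WhiteSource or from any of the presenters: it audits an npm lockfile for the two conditions that make dependency confusion work, an internally scoped package that resolved from the public registry, and a package with no integrity hash. The internal scope `@acme`, the private registry host `npm.acme.internal` and the lockfile contents are all constructed for the example.

```python
"""Audit a package-lock.json for dependency confusion exposure.

Added example; not WhiteSource tooling. The scope "@acme" and the registry
"npm.acme.internal" are hypothetical, and the lockfile below is constructed.
"""
import json
from urllib.parse import urlparse

INTERNAL_SCOPES = ("@acme/",)                 # hypothetical internal npm scope(s)
PRIVATE_REGISTRY_HOST = "npm.acme.internal"   # hypothetical private registry

# Constructed lockfile (lockfileVersion 2/3 "packages" layout).
SAMPLE_LOCKFILE = json.dumps({
    "name": "billing-service",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"@acme/auth-client": "^2.1.0",
                              "@acme/report-utils": "*",
                              "lodash": "^4.17.21"}},
        "node_modules/@acme/auth-client": {
            "version": "2.1.0",
            "resolved": "https://npm.acme.internal/@acme/auth-client/-/auth-client-2.1.0.tgz",
            "integrity": "sha512-AAAA...",
        },
        # Classic confusion pattern: an internal name with an absurdly high
        # version, served by the public registry.
        "node_modules/@acme/report-utils": {
            "version": "99.0.0",
            "resolved": "https://registry.npmjs.org/@acme/report-utils/-/report-utils-99.0.0.tgz",
            "integrity": "sha512-BBBB...",
        },
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
        },
    },
})


def package_name(path):
    """Map a lockfile path to the package name it installs.

    'node_modules/a/node_modules/@s/b' -> '@s/b' (nested installs included).
    """
    return path.split("node_modules/")[-1]


def audit_lockfile(lockfile_text):
    """Return a list of (package, problem) findings, in lockfile order."""
    lock = json.loads(lockfile_text)
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if not path:            # "" is the root project itself, not a dependency
            continue
        name = package_name(path)
        host = urlparse(entry.get("resolved", "")).hostname or ""
        # An internal name that was fetched from anywhere but our registry is
        # exactly the substitution dependency confusion relies on.
        if name.startswith(INTERNAL_SCOPES) and host != PRIVATE_REGISTRY_HOST:
            findings.append((name, f"internal package resolved from {host or 'unknown'}"))
        # Without a pinned integrity hash, a swapped tarball installs silently.
        if "integrity" not in entry:
            findings.append((name, "no integrity hash; substitution would go unnoticed"))
    return findings


if __name__ == "__main__":
    for pkg, problem in audit_lockfile(SAMPLE_LOCKFILE):
        print(f"{pkg}: {problem}")
```

Run it against a real `package-lock.json` by reading the file instead of `SAMPLE_LOCKFILE`; the same two checks apply to any lockfile format that records a resolved URL and a content hash, and they belong in CI alongside a registry configuration that routes internal scopes to the private registry only.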
An open source security and licenses management solution
WhiteSource allows engineering, security and compliance officers to effortlessly secure and manage the use of open source components in their software, allowing developers to focus on building great products. WhiteSource fully automates all open source management processes: component detection; security vulnerability alerts and fixes; license risk and compliance analysis along with policy enforcement; quality review, and new version alerts. It offers a complete suite of control, reporting and management to help software teams manage open source truly effortlessly. For more information about WhiteSource, visit http://www.whitesourcesoftware.com or follow us on twitter: @whitesourcesoft
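"The State of Open Source Security & Compliance" listing above promises to show where a vulnerable functionality is referenced within the code, so that alerts can be prioritized by reachability. The following is an added example of that idea, written for this page and not WhiteSource's own analysis: it walks Python sources with the standard `ast` module and reports every call site of a named library function, resolving plain imports, aliased imports and `from ... import ... as` bindings. The library `yamllib`, its function `unsafe_load` and the three application files are constructed for the example.

```python
"""Locate call sites of a known-vulnerable library function in application code.

Added example, not WhiteSource's analysis. "yamllib.unsafe_load" is a
hypothetical vulnerable symbol and SAMPLE_SOURCES is constructed.
"""
import ast

# Constructed application files: path -> source text.
SAMPLE_SOURCES = {
    "app/config.py": (
        "import yamllib\n"
        "def load(path):\n"
        "    with open(path) as f:\n"
        "        return yamllib.unsafe_load(f)\n"
    ),
    "app/export.py": (
        "from yamllib import unsafe_load as parse, dump\n"
        "def read(text):\n"
        "    return parse(text)\n"
        "def write(obj):\n"
        "    return dump(obj)\n"
    ),
    "app/util.py": (
        "import yamllib as y\n"
        "def safe(text):\n"
        "    return y.safe_load(text)\n"
    ),
}


class CallFinder(ast.NodeVisitor):
    """Record line numbers where module.func is called under any local name."""

    def __init__(self, module, func):
        self.module, self.func = module, func
        self.module_aliases = set()   # local names bound to the module
        self.func_aliases = set()     # local names bound directly to the function
        self.hits = []

    def visit_Import(self, node):
        for alias in node.names:                   # import yamllib [as y]
            if alias.name == self.module:
                self.module_aliases.add(alias.asname or alias.name)
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        if node.module == self.module:              # from yamllib import unsafe_load [as parse]
            for alias in node.names:
                if alias.name == self.func:
                    self.func_aliases.add(alias.asname or alias.name)
        self.generic_visit(node)

    def visit_Call(self, node):
        f = node.func
        if isinstance(f, ast.Name) and f.id in self.func_aliases:
            self.hits.append(node.lineno)           # parse(text)
        elif (isinstance(f, ast.Attribute) and f.attr == self.func
              and isinstance(f.value, ast.Name)
              and f.value.id in self.module_aliases):
            self.hits.append(node.lineno)           # yamllib.unsafe_load(f) / y.unsafe_load(f)
        self.generic_visit(node)


def find_reachable_calls(sources, module, func):
    """Return {path: [line numbers]} for every file that calls module.func."""
    result = {}
    for path, text in sources.items():
        finder = CallFinder(module, func)
        finder.visit(ast.parse(text, filename=path))
        if finder.hits:
            result[path] = finder.hits
    return result


if __name__ == "__main__":
    for path, lines in find_reachable_calls(SAMPLE_SOURCES, "yamllib", "unsafe_load").items():
        print(f"{path}: lines {lines}")
```

The resolver is deliberately syntactic: it does not follow `from yamllib import *`, dotted submodules, or functions passed around as values, so a clean result means "no direct call found", not "unreachable". That is still enough to rank a vulnerability whose dangerous function is called in two files above one whose package is installed but never touched.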

  • Title: How To Ship Secure Code With Confidence
  • Live at: Nov 11 2020 6:00 pm
  • Presented by: Matias Madou, CTO, Secure Code Warrior