Name: Roundtable Discussion: Application Security
Start: 2022-12-20T06:57:00Z
End: 2022-12-20T07:57:52.000Z
Location: BrightTALK
Rating: 5

Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, link here, the open-source automated dependency update project.  For more information, visit www.mend.io, the Mend blog, and Mend on LinkedIn and Twitter. 

Threat actors are after our sensitive data. In 2023, the number of malicious packages published to Node Package Manager (npm) and RubyGems ballooned 315% compared to 2021, and 85% of malicious packages discovered in existing applications were capable of exfiltration – meaning they could cause an unauthorized transmission of information. Software packages containing malicious code are a growing threat, and they may have unknowingly infiltrated your applications.
Join VP of Product Management, Jeff Martin and Principal Product Architect, Maciej Mensfeld as they dig into the findings from the Mend Malicious Packages Special Report and discuss how  Mend.io’s 360-degree malicious package protection can help defend against this insidious threat.

Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities

Spoiler alert: In 2022, audits found open source in 100% of our customer engagements.

Since open source usages are now so pervasive, companies are increasingly concerned about the security of applications built on the foundation of open source components. Consequently, open source security and license compliance are primary concerns of acquirers and targets involved in tech merger and acquisition (M&A) transactions. Acquiring companies must be aware of the potential open source risks they may be inheriting along with the intellectual property in their targets’ codebases, identifying open source in the target’s code base is essential to M&A transactions involving software.

Join this webinar to learn more about:

What’s the risk of not evaluating open source in M&A?
How can companies prepare to avoid legal risks of non-compliance
What is the role of open source license compliance?

What You Don't Know Can Hurt You-Open Source License Compliance and M&A Activity

Supply chain attacks made headlines in 2022, sending shockwaves through the industry as security and business leaders scrambled to reexamine the security of their own supply chains. In this webinar, experts talk through the stages of a supply chain attack and the different types of attacks to look for. You will also learn what tools and strategies you can start using immediately to assess your own supply chain security and put defenses in place to keep your supply chain protected.

During this webinar you will:

Learn about where hidden supply chain vulnerabilities might be lurking in your systems.
Get tactics for how to assess your current supply chain security.
Find out how SBOMs can be most effectively used to shore up the software supply chain.
Presented by featured speakers Jason Clark & Jeffrey Martin. Moderated by Becky Bracken.

"How Supply Chain Attacks Work - And What You Can Do to Stop Them"

Organizations of all kinds are experiencing increasing volumes, frequency and severity of cyberattacks. 71% of IT and security leaders say that their portfolio of applications has become more vulnerable in the last year alone, and cybercrime is expected to cost companies worldwide around $10.5 trillion annually by 2025. To fight this trend, organizations need a resilient AppSec strategy that can reinforce trust, reliability and security when faced with adverse conditions.

In this program, we'll examine what drives this need, what DevOps can do to strengthen application security, and what are the key principles of effective AppSec programs. You’ll discover:

* Why cyberattacks on applications and the software supply chain have increased
* How increased use of open source software, cloud-based services and custom-built applications contributes to the risks
* The five key principles organizations should follow to optimize their AppSec: Prevention, shifting smart, automation, governance and cultural change

Five Principles of Modern Application Security Programs

Securing the Software Supply Chain
Key Findings From the Mend Open Source Risk Report

Open source vulnerabilities are in permanent growth mode. A significant quarterly increase in the number of malicious packages published in registries such as npm and rubygems have shown the increasing need to protect against this trending attack. At the same time, companies that struggle to close the remediation gap on known vulnerable open source code. It’s all in the The Mend Open Source Risk Report, which details these and other significant risks posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.

Join Jeff Martin, Vice President of Product Management at Mend, as he discusses key findings from the report—and why this growing threat is a mounting concern in an app-driven world.

Securing the Software Supply Chain

Threat actors operate by an ironclad rule: If it’s important to businesses, it’s important to them. And they certainly understand the crucial business role of applications. Applications are now the number one attack vector, while software supply chain attacks increased 650 percent in a year. Clearly, if you don’t already have a modern application security program that can support today’s digital world, you need to build one. 
But how do you make sure that your program will be effective? To achieve this, you should answer a set of key questions that we cover in this webinar, where you'll learn:
* What you should know to build an effective AppSec strategy (and probably don’t)
* Why and how to you can ensure that you have buy-in to AppSec from the top down in your organization
* How and why to bake in application security to developers’ working practices
* Why you should think like attackers to beat them
* What tools and strategies enable you to achieve this
* Why AppSec needs to be integrated across the entirety of a development program

The CISO's Guide to AppSec Innovation

Building a Modern Application Security Strategy for an App-Run World

As a foundational element of the online world, applications are a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To adapt and defend against our constantly evolving threat landscape, organizations need to build a modern AppSec strategy based on today's digital world.

Join Jeffrey Martin, VP of Outbound Product Management at Mend, and guest speaker Janet Worthington, Senior Analyst at Forrester as they discuss the state of application security today in a constantly changing environment.

Discussion points:
• The State of Application Security
• The modern application attack surface
• Shift focus to secure the modern application

Building a Modern Application Security Strategy for an App-Run World

Attacks on software supply chains have greatly accelerated the rate at which organizations are now embracing DevSecOps best practices to secure both legacy monolithic and emerging cloud-native applications. Adopting a DevSecOps approach can help maintain the speed of application development and deployment while ensuring the security and stability of applications.

But the range of technologies and best practices required to achieve and maintain application security vary widely, and each organization may choose a combination of different tools to achieve the same result. Each organization will need to determine for themselves how far they want to shift responsibility for application security left toward application developers.

Roundtable Discussion: DevSecOps

Your Bitbucket Cloud repos are key to building best-in-breed applications and a great place to shift left for better open source security. With other software composition analysis (SCA) tools, keeping your repos safe can be a cumbersome process requiring frequent tool-switching. Now, you can integrate world-class open source security that automates remediation and reduces mean time to recovery (MTTR) by 80% or more, all while staying in the Bitbucket Cloud repositories that your teams know and love. 

Join us for a 30-minute webinar to learn:
* Why open source security works better when it shifts left to the repository stage
* How software composition analysis (SCA) tools can help you find and fix vulnerabilities
* How to automatically remediate vulnerabilities without ever leaving the Bitbucket Cloud UI

More Security, Less Tool Switching: Mend SCA for Bitbucket Cloud

AWS and Mend can help support your security strategy - Learn how in our latest fireside chat on application security
A modern AppSec approach includes strategies and technologies that help teams prioritize—giving them tools to zero-in on the security vulnerabilities that present the biggest risk so that they can address them as quickly as possible. Learn how you can implement these strategies in a fireside chat with the experts from Amazon Web Services (AWS) and Mend.

In this conversation, you'll learn:
* How Mend’s comprehensive approach to modern application security can support your organization
* Why the collaboration between Mend and AWS supports enhanced security
* Best practices for application security for cloud-native architectures
* Ways to reduce the software attack surface, decrease the number of security alerts, and save developers’ time

Building a Modern AppSec Program

Until recently, application security testing was cumbersome and time-consuming. Now, enterprises using Azure DevOps Repos can add automated application security testing directly to the repo. This DevSecOps approach combines convenience for developers along with features that security professionals want such as centralized deployment, management and policy enforcement.

If your organization uses Azure DevOps, attend this webinar to learn how easy it is to add application security testing to your repo. This solution from Mend will allow you to:
* Scan open source code to identify vulnerabilities and license compliance violations
* Scan custom code to identify code flaws
* Detect problematic components early in the SDLC
* Save time and remediate security issues efficiently

Speakers:
* Vital Batyr, Product Manager at Mend 
* Andy Huang, Cloud Solution Architect at Microsoft
* Michael Holder, DevOps Specialist at LEARFIELD

The Need for Speed: Accelerated AppSec Scanning in Azure DevOps Repos

The banking industry lives and dies by being fast, accurate, and completely dependable. It’s critical that you can detect, identify, and remediate software vulnerabilities as fast as possible, to reinforce application security most effectively. This is particularly vital with open source software that is increasingly prevalent in your sector, where its use continues to grow at pace.

What software and application security needs and concerns are particular to banking?
What patterns of components and dependencies’ consumption and usage characterize the banking sector?
What are the actionable insights for improving the state of software and application security in banking?
What challenges to software and application security does the sector face, and what are the solutions for these challenges?
What obstacles are there to improving industry-wide collaboration, and what can advanced security solutions offer to overcome these obstacles?
What can open source contributors do to ensure that they are not causing vulnerabilities in the banking software supply chain?

Speakers:
Rhys Arkins, Mend VP Product Management
Kate Stewart, Linux Foundation Senior Director of Strategic Programs and SPDX founder
Amol Shukla, Morgan Stanley Executive Director and FINOS DevOps SIG Lead

Software Security Challenges and Opportunities in Banking

While software composition analysis (SCA) has been around for years, today’s analysts are enhancing their recommendation for enterprise development teams to use the technology. One example: at the recent Gartner Security and Risk Management Summit, Gartner analyst Dale Gardner said: “Managing open-source software is the easiest and most impactful thing you can do to improve your application security program.” 

Attend this webinar to learn more about:
* How software composition analysis (SCA) works 
* How recent advances have made SCA easier than ever to use, with an outsize impact to security programs

Why Software Composition Analysis is Transformational Technology

How prepared was your firm to handle the Log4j vulnerability that was announced in December 2021? 
The best firms were prepared and loaded for bear, and they completely mitigated and remediated their risk within hours of the announcement. 
What can you learn from their approach and how can you prepare for the next inevitable widespread vulnerability?

In this webinar, security experts from AWS and Mend (formerly WhiteSource) will explain how you can be prepared to handle the next major vulnerability announcement. 
Register now and learn what “good” looks like, as well as:
- Tips for proper preparation: Know your attack surface
- How to guarantee a quick reaction: Leverage your cloud controls
- The path to full remediation: Leverage application security tools such as SCA

How to Leverage Defense-in-Depth to Prepare For the Next Log4j

Cybersecurity resilience is a priority for enterprises that have ramped up digital transformation and distributed workforces in the past few years. However, differences of opinion about the urgency of application security solutions can be detrimental to enterprises.

According to the latest World Economic Forum research, “While 92% of business executives agree that cybersecurity resilience is integrated into enterprise risk management strategies, only 55% of security-focused executives surveyed agree with the statement.”

This disconnect often occurs because the software development life cycle has accelerated considerably and developers are reluctant to adopt security procedures that will slow them down. The result is gaps in resilience that DevSecOps leaders must respond to.

Join Jeff Martin, Mend’s vice president of product, in a fascinating discussion, to a discover:
* The benefits of using one interface to find and fix open source and proprietary code security issues – it is so seamless it seems almost invisible
* How to reduce the time that would have been spent on remediation by telling developers exactly how to fix issues, so no time is wasted researching

Closing the Gap: Reducing Enterprise AppSec Risks Without Disrupting Deadlines

Recent high-profile software supply chain breaches have sharpened the focus on application security. However, as cybersecurity professionals know all too well, concern doesn’t always equate to action. In theory, the rise of DevSecOps best practices that shift responsibility for application security further left should reduce, or outright eliminate, the vulnerabilities that now routinely make it into production applications.

Unfortunately, it’s still early days as far as DevSecOps is concerned, so the impact this shift might have is, at best, limited, especially when you consider the level of security knowledge the average developer possesses. Cybersecurity professionals know in their bones that developers are the root cause of most of the issues they face daily. It’s not that developers deliberately build and deploy vulnerable applications; rather, they simply don’t know what to look for. By the time the application is scanned—usually a few days before it’s supposed to be deployed—it’s too late to do much more than make note of the security flaws that need to be addressed. Breaking that cycle will require cybersecurity teams to meaningfully engage developers much earlier in the application development life cycle.

Roundtable Discussion: Application Security

Application Security

Application Development

Cyber Security

Cyber Attacks

Cyber Defence

Threat Detection

Security Awareness

Cyber Threats

Malicious Packages

Open Source Code

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Roundtable Discussion: Application Security

Presented by

About this talk

More from this channel