DevSecOps in a Dangerous World

Open Source components are the new normal in software development teams, as today’s modern enterprise applications are 85% Open Source.

Though they have the potential to accelerate innovation, Open Source components can also cause a host of issues when used in a development lifecycle without proper sourcing and management.

With 1 in 10 open source components containing a known vulnerability, using them improperly can lead to detrimental vulnerabilities, risks, rework, and waste in the long run.

Sonatype exists to unite software developers, security professionals, and IT operations. Alongside partners Orasi and Saltworks, they empower teams to continuously and remediate open source risk, without slowing down production.

Learn how this partnership between Orasi, Saltworks, (Orasi’s joint-venture dedicated to building world-class Application Security programs), and Sonatype can help you and your enterprise, in an upcoming webinar.

Join us to hear how Orasi, Saltworks, and Sonatype’s powerful services and solutions can:
- Shift development culture to the left by securing the building blocks of your applications at their foundations
- Monitor which components are being used by development teams in
the earliest stages of development, preventing the usage of insecure
components that might cause backtracking and slowdown in
production, later down the road
- Create a Software Bill of Materials for your teams, showing which
exact open source components are inside your applications and
providing documentation that can be used for compliance and
regulations

Open Source Governance is a hot topic in today’s Application Security landscape, and it should be…

Today’s modern enterprise applications are made up of 85% Open Source components

1 in 10 open source components contains a known vulnerability

1 in 4 organizations have experienced an open source breach in the last 12 months

Saltworks, an industry-leading AppSec consulting firm, and Sonatype, an innovator in Open Source Security, will partner with your organization to add OSS into your Application Security toolbox.

Join us for this webinar to learn how Sonatype and Saltworks’ powerful services and solutions can:
• Secure the building blocks of your applications at their
foundations, rather than just testing them after they’ve been
incorporated (purpose of SAST/DAST)
• Enable a “Shift Left” culture in your organization by preventing
teams from using insecure components, in the earliest stages of
development
• Create a Software Bill of Materials for your teams – don’t guess
what is in your code- know it!

As nimble organizations deliver new innovations; bad actors are upping their games. Leveraging their ability to exploit – and even plant – security vulnerabilities in the software supply chain, they have expanded scale through automation and breach success through precision targeting.

To avoid becoming a statistic, your firm must fight back by doing the same — automating security directly into the DevOps pipeline.We’ll discuss how security principles have been automated into a CI/CD pipeline and the standards for implementation that resulted.

In this webinar you’ll learn:
• Real-world examples of how companies large and small are implementing DevSecOps practices in their delivery pipelines while increasing developer awareness of risks
• Key insights from the 2019 DevSecOps community report — including the top investments for automated security
• Why DevSecOps is more than a buzzword, and why it’s vital to protecting your software supply chain
• How automating policy security makes it harder to ignore.

Businesses trust their Data Integrity tools to drive strategy and process optimization decisions, but the power of those tools depends on a complex infrastructure accurately collecting and transforming critical data sources. The slightest data integrity error can have catastrophic impacts that ripple throughout the organization. Inaccurate data quality not only leads to sub-optimal decisions; it also opens the door to regulatory risks.

Data integrity issues cost organizations $15M annually, on average (Gartner) and $3.1T overall is wasted finding and fixing data issues each year (HBR). Stop these data issues in their tracks—with an automated, integrated process that covers your complete data landscape.

Join this session with data testing experts, Curtis O’Dell and Jonathan Morar, from Tricentis, an Orasi partner, to learn how you can use leverage data integrity testing to:
• Ensure end-to-end data and decision integrity
• Expose data integrity issues as they’re introduced
• Save time and money by rapidly pinpointing root causes

While tools such as SAST, DAST, OSS, and Pen Testing are vital to a company’s application security program, using them as disparate solutions amongst teams can lead to a lack of communication and visibility. In addition, siloed security testing tools don’t offer the necessary data insight into enterprise-wide threats or provide high-level trend and executive dashboard capabilities.

Saltworks’ new dashboarding tool, SaltMiner, was created to solve these issues. It allows enterprises to aggregate, analyze, and report on results from scans conducted using different technologies, and to do it at scale.

Tune in to this upcoming webinar, hosted by Orasi’s joint-venture, Saltworks Security, to learn more about SaltMiner. Hear how the Saltworks team saw the industry’s need for an enterprise-wide AppSec dashboard in their day-to-day work with high-profile organizations and designed the tool with their customers’ needs in mind. In addition, see how SaltMiner empowers enterprises to see a true enterprise-wide picture of AppSec risks and needs through:
- Drill-down and customizable reporting filterable by business unit/owner, vulnerability type, criticality level, IP range, vulnerability trends, and more
- Compliance-proving results, with exportable application security results and data for GRC, SOCs, other dashboards, etc.
- Focused vulnerability reports for testers that maximize their efforts