Name: The Four Truths of Securing Your Software Supply Chain
Start: 2024-04-25T18:00:00Z
End: 2024-04-25T18:00:49.000Z
Location: BrightTALK
Rating: 0

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.

Understanding the risks associated with open source software has become the norm in tech due diligence, but not all approaches are created equal. Knowing what’s in the software you’re acquiring is the first step. Few targets are able to produce an SBOM and when they do, it tends to be about 50% accurate. Is “good enough” good enough for M&A?

Join this live Synopsys webinar to learn how a purpose-built M&A open source audit differs from open source management tools and why it matters in tech due diligence. We’ll cover:

• The risks associated with open source software 
•Why depth of analysis matters, and what it results in during M&A diligence
•Why accuracy, reporting and expert human analysis are keys to thorough diligence

Don’t miss this informative webinar. Register today.

Open Source Software Audit vs Scan: What’s Right for M&A?

Legislation requiring stringent software security practices by software producers is being passed around the globe. This requires organizations to rethink their approach to software security, which industry standards they follow, and the best practices for their software development teams.

NIST has produced guidance known as the Secure Software Development Framework (SSDF). The SSDF is a series of practices and associated tasks that serve as a baseline for teams seeking to securely develop software in a standardized way. Attestation to conformance with a subset of the SSDF has been signaled by the U.S.

In this webinar, you will learn the best practices for performing an SSDF readiness assessment including:

• Whether your organization’s software development practices align with the SSDF
• How to determine which controls are lacking for conformance with guidelines
• How to perform associated corrective recommendations on time
• Case studies of successful U.S. government attestations

Best Practices for Leveraging the SSDF

Do you want to secure your software at scale? An application security posture management (ASPM) solution could be the answer. Maintain a strong security posture —and ensure compliance with industry standards and regulations—by gaining visibility into your applications.

Join us for a panel discussion where we share steps for securing applications. You'll learn

• Real-world use cases: Discover how regulatory-heavy industries and large enterprises use ASPM to address security challenges

• Operationalizing testing: Gain insights into how security teams can use ASPM to automate and operationalize security testing

• Maturing your AppSec program: Learn practical steps to enhance your AppSec program with ASPM

Don't miss the opportunity to learn how to be proactive in risk management.

Secure Application Software at Scale

Open source and third-party software make up the bulk of code in today’s applications. Open source has become so integral to modern development that security and development teams struggle to identify all the components in their software. AI code generation only adds to the difficulty.  

From license compliance issues to security vulnerabilities to reliance on stagnant projects, it’s never been more critical to know what’s in your code. It’s table stakes for addressing these risks.  

Join this webinar to hear top open source legal experts discuss how to minimize risks while leveraging open source in software development and M&A. We’ll cover:  

- Roots of open source 
- Examination of the risks 
- Overview of the most popular open source licenses  
- Guidelines for managing

Fundamentals of Open Source Risk Management

APIs have become central to the daily operations of most businesses. Their rapid proliferation has exposed significant vulnerabilities that need immediate attention. This presentation provides an in-depth assessment of the current state of API security. We discuss the growth of API-related incidents and provide a framework for improving API security within organizations.

Join this webinar to learn about
• API security challenges due to the increase in API usage, and the resulting vulnerabilities
• Proactive security integrations for incorporating security measures throughout the entire API development life cycle
• A framework for enhancing API security to protect against emerging threats

Elevating API Security: A Structured Approach

Companies adopt many application security testing (AST) tools to pinpoint where critical fixes are needed and avoid costly postproduction software issues. Yet despite a lot of AppSec investment, they still fail to get an accurate view of risk, and struggle integrate testing, triage, and remediation within developer workflows. This has driven the evolution of application security posture management (ASPM). 

In this session, we’ll dive into 
- The difference between application security orchestration and correlation (ASOC) and ASPM
- The capabilities that a comprehensive ASPM solution should have
- How ASPM can help your development and security teams mitigate software risk at scale

What is Application Security Posture Management (ASPM)?

Securing your software supply chain begins with knowing what’s in your code. With AI-generated code and ubiquitous open source software use, it’s never been more critical to understand what risks your software may contain. In fact, last year alone we found that 84% of codebases contained at least one open source vulnerability.
 
Join this live Synopsys webinar as we explore the findings from the 2024 “Open Source Security and Risk Analysis” report. We’ll cover:
 
• The state of open source software security
• Tips for mitigating risks and keeping vulnerabilities out of your supply chain
• How to protect against security and IP risks from AI coding tools

The 2024 Guide to Open Source Security and Risk

保护软件供应链首先要了解代码中的开源组件，并确定它们各自的许可证、潜在漏洞、已知漏洞和恶意代码。
人们普遍认为，实施软件物料清单(SBOM)是减少对软件供应链攻击的有效措施。根据Gartner的研究，到2026年，至少60%采购关键软件解决方案的组织将要求在其许可和支持协议中披露软件材料清单(SBOM)，这一比例从2022年的不到5%大幅增长。

本次网络研讨会将讨论以下主题:
软件供应链现状
2.    如何构建安全的软件供应链?
2-1 软件组成分析（SCA）工具是基础
2-2 软件物料清单（SBOM）管理
2-3恶意包检测

软件供应链风险与解决方案

AI-powered development has greatly increased the rate at which software evolves. But using artificial intelligence as a proxy for security-aware developers introduces a variety of risks to the business.

Organizations must prepare for the complexities of AI-powered development. This requires establishing consistent and scalable DevSecOps initiatives. The discussion will cover

• Innovation and trends in AI-powered software development
• The inherent risks to application security and business operations of using AI and third-party digital artifacts
• Best practices for establishing application security testing and issue remediation within DevOps workflows that include AI
• Ways to use AI to empower developers and reduce the opportunity of an attack

Artificial Intelligence, Real Security: Preparing DevSecOps for AI Development

Join us as we explore how to scale application security in today's dynamic development environments. Don't miss this opportunity to uncover actionable strategies for managing software risk. Learn to achieve scalable application security in today's fast-paced development landscape.

What You'll Learn
- How to streamline application security and maximize insights for improved outcomes
- Techniques to optimize processes, enhance collaboration, and deliver secure software without sacrificing development speed
- Why leveraging an Application Security Posture Management (ASPM) solution can help standardize AppSec practices across diverse tooling, teams, and applications within your organization

4 Steps for End-to-End Software Risk Management

A common adage states that “security is only as strong as its weakest link.” Penetration (pen) testing is meant to demonstrate this idea. Through administration of yearly pen tests, these entry points can be identified and patched, providing greater assurance in an application’s defense. 

A pen test is a simulated attack on your apps and infrastructure to find exploitable flaws and vulnerabilities. Expert testers use varying and ever-changing tools and techniques to find and demonstrate the business impacts of weaknesses in a system.  

In this webinar you will learn: 
- Definition and types of pen tests 
- The precautions you need to take before you start testing 
- Approaches to vulnerability discovery across applications 
- How (manual) pen testing fits in with automated tooling 
- Development of an example vulnerability

Pen Testing 101

Interested in the latest trends in application security? Find our what you've missed in July and listen to our recap.

AppSec Highlights in July

Python is a fast, platform-agnostic, and easy-to-learn programming language that is suited for beginners and experienced developers alike. Ever since its first release in 1991, Python has had a constant presence in the computer world and has become a go-to language thanks to its easy-to-understand code and versatility. Today, Python can boast a wide array of libraries and frameworks, and they are the cornerstone of fast and easy Python programming—the so-called Pythonic way of development.
 
But like all programming languages, Python is not immune to security threats. Secure coding best practices must be adopted to avoid risks from attackers. In this webinar, we’ll explore Python security best practices that should employed when building secure application.

Python 101

In the complex world of software development, generative artificial intelligence (GAI) coding tools appear as a beacon of productivity and effectiveness. When handled with precision, they brighten the path to innovation, cutting through the intricacies of coding. However, as with any unchecked flame, such tools must be carefully managed to avoid endangering an organization's valued IP, impacting its bottom line or introducing risk into an M&A transaction.

Join this webinar to get an introduction to GAI coding tools and how you can minimize risk when using these in your organization. We’ll cover:

- Introduction to GAI coding tools (from code completion to code generation)
- Legal, operational, and M&A risks arising from GAI coding tools (e.g., IP ownership, IP infringement, cybersecurity) 
- Establishing a general AI policy with provisions specifically tailored to issues arising in using AI for coding  
- Managing risk arising from GAI coding tools - this includes a mix of technical, operational and administrative safeguards (e.g., usage policies, auditing tools, optimal selection and implementation of tools) 

This presentation is intended for legal and technical teams involved in software development and M&A software due diligence.

Managing Software Risks in the Age of AI-Generated Code

As with all things tech, software development has been in a constant state of evolution since its infancy. Generative AI, however, has the potential to disrupt software development as we know it.
There are significant benefits offered by generative AI, but there are risks as well, including security risks. In its brief history, AI has generated buggy code, taken code from open source repositories without licensing considerations, and generated incorrect code.
In this webinar, you will learn
• What AI is and how it is used in the SDLC
• The ways AI is changing how software is being built
• The risks, drawbacks, and concerns of using AI
• How to benefit from AI while managing risks

How Generative AI is Changing the SDLC

As the popularity of cloud-native applications continues to surge, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they deliver. According to Gartner, “by 2022, more than 90% of global organizations will be running containerized applications in production by 2026 or 2027,up from less than 40% in 2021.”

The popularity of containers has also attracted the attention of hackers who are constantly looking for new ways to exploit them. Containers expand an organization’s attack surface and increase the risk to the applications they house. A comprehensive approach for container security is required to mitigate the risk to containerized applications and infrastructure.

In this webinar, we’ll outline the essential elements required to secure your container environments, including:
• Understanding what containers are (and aren’t)
• How to look at container security holistically
• The top threats to container landscapes
• Relevant case studies

Container Security Essentials

Security remains a leading concern for businesses in this multi-cloud era. With the increasing cloud-native deployment and use of generative AI in application software development, along with proliferation of tools, data and applications distributed across various cloud platforms, ensuring a consistent and robust security posture and at the same time, keep pace with the fast DevOps CI/CD pipeline can be daunting.

The  webinar will explore some of the challenges organizations face when navigating the complex landscape in securing their applications from code to cloud in a fast-paced DevOps CI/CD environment. Attendees will gain insights into how companies overcome these challenges and implement robust and effective application security solutions that align to their DevSecOps initiatives.

Key Takeaways: 

- Recognize the security challenges in this high pace, evolving technology landscape
- The importance of adopting an integrated “Essential Three” app security strategy
- Practical solutions for DevSecOps alignment from a customer perspective

Cloud-native and Generative AI Implications in DevSecOps

The growth of software across every industry poses significant challenges for teams that need to keep up with the fast pace of innovation while making sure the software they put into production is secure. This has led to a proliferation of tools deployed by security teams. You may ask why? In simple terms, to tackle the increasing pressure of a larger and more sophisticated threat landscape. Ultimately, teams are now left with added complexity and friction in the SDLC and a bloated total cost of ownership (TCO).  

As a result, Gartner indicates an increase in organizations pursuing vendor consolidation from 29% in 2020 to 75% in 2022 to tackle the cost and complexity of present day AppSec programs. But, consolidating vendors is only one part of the equation. 

Join us, as we unlock the key to mastering software security in the era of rapid innovation. We delve into a differentiated approach to consolidation initiatives that extends beyond improving TCO.  

Join now and understand how to: 

- Streamline tools & processes to improve resource efficiency. 
- Focus your teams with prioritized risk data across your security program. 
- Deliver rapid, comprehensive risk insight for improved time to audit.

How to Improve AppSec Efficiency

How Many Types of SBOM Are There?

Demystifying SBOMs: Navigating Legislation and Processes

Finding Your Way in Container Security

AI and Software Development: IP and Governance

Generative AI, Training Data, Open Source, and GitHub Copilot, Oh My!

Your Software Supply Chain is Only as Secure as its Weakest Link

Best Practices for Using AI in Software Development

AI Strategy, Security, and Governance: The View from the Top

SBOMs and SPDX: Now and in the Future

Ask the Experts: AI and Software Development

What the EU Cyber Resilience Act Means for AppSec

Addressing API Security in Your DevSecOps Life Cycle

How Does Malicious Code Enter Applications?

Zero to Hero: Improving Your Container Security Strategy

Automagic API Security Testing

How to Address API Security in 2023?

Securing your Software Supply Chain

In the realm of secure software supply chains, it's evident that each one possesses its unique characteristics. Consequently, the strategies for ensuring their security are equally diverse. This variance often contributes to the widespread confusion surrounding the subject. But what if we could pinpoint the shared elements among all supply chain security endeavors? 

Join us for a discussion on four fundamental truths observed across every secure software supply chain. Discover how these principles can propel your security initiatives forward.

Prepare to gain insights into:
- The impact of open source software on contemporary supply chains
- The significance of consistent and reliable risk assessment
- The role of automation in facilitating effective governance
- Establishing consumer trust through vendor practices

The Four Truths of Securing Your Software Supply Chain

Software Security

Software Supply Chain

SBOM

Application Management

Application Development

Compliance

CISO

Open Source

Information Security

Cyber Security

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

The Four Truths of Securing Your Software Supply Chain

Presented by

About this talk

More from this channel