Name: What the CRA means to DevSecOps Teams
Start: 2024-03-28T11:31:00Z
End: 2024-03-28T11:31:46.000Z
Location: BrightTALK
Rating: 0

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.

Understanding the risks associated with open source software has become the norm in tech due diligence, but not all approaches are created equal. Knowing what’s in the software you’re acquiring is the first step. Few targets are able to produce an SBOM and when they do, it tends to be about 50% accurate. Is “good enough” good enough for M&A?

Join this live Synopsys webinar to learn how a purpose-built M&A open source audit differs from open source management tools and why it matters in tech due diligence. We’ll cover:

• The risks associated with open source software 
•Why depth of analysis matters, and what it results in during M&A diligence
•Why accuracy, reporting and expert human analysis are keys to thorough diligence

Don’t miss this informative webinar. Register today.

Open Source Software Audit vs Scan: What’s Right for M&A?

Open source and third-party software make up the bulk of code in today’s applications. Open source has become so integral to modern development that security and development teams struggle to identify all the components in their software. AI code generation only adds to the difficulty.  

From license compliance issues to security vulnerabilities to reliance on stagnant projects, it’s never been more critical to know what’s in your code. It’s table stakes for addressing these risks.  

Join this webinar to hear top open source legal experts discuss how to minimize risks while leveraging open source in software development and M&A. We’ll cover:  

- Roots of open source 
- Examination of the risks 
- Overview of the most popular open source licenses  
- Guidelines for managing

Fundamentals of Open Source Risk Management

Companies adopt many application security testing (AST) tools to pinpoint where critical fixes are needed and avoid costly postproduction software issues. Yet despite a lot of AppSec investment, they still fail to get an accurate view of risk, and struggle integrate testing, triage, and remediation within developer workflows. This has driven the evolution of application security posture management (ASPM). 

In this session, we’ll dive into 
- The difference between application security orchestration and correlation (ASOC) and ASPM
- The capabilities that a comprehensive ASPM solution should have
- How ASPM can help your development and security teams mitigate software risk at scale

What is Application Security Posture Management (ASPM)?

The development process is now so elaborate, distributed, and fast-moving that it’s difficult for enterprises to fully understand and manage effectively, much less defend against attacks. Complex projects may require input from multiple teams that are often unaware of one another’s activities. They may use third-party code and open source that hasn’t been thoroughly vetted. And they may be written using automated tools and AI, which may not employ security best practices or unknowingly propagate weak or vulnerable code. 

Join experts from SANS and Synopsys as they discuss why a new approach to DevOps security is required—one that applies continuous testing to continuous development so that threats and vulnerabilities can be identified and mitigated across every step of the development process. 

Register today and be among the first to receive the associated whitepaper written by Chris Edmundson.

Sponsored by Synopsys

Shift Left to Shift Everywhere: Continuous Development's Impact on Security

A common adage states that “security is only as strong as its weakest link.” Penetration (pen) testing is meant to demonstrate this idea. Through administration of yearly pen tests, these entry points can be identified and patched, providing greater assurance in an application’s defense. 

A pen test is a simulated attack on your apps and infrastructure to find exploitable flaws and vulnerabilities. Expert testers use varying and ever-changing tools and techniques to find and demonstrate the business impacts of weaknesses in a system.  

In this webinar you will learn: 
- Definition and types of pen tests 
- The precautions you need to take before you start testing 
- Approaches to vulnerability discovery across applications 
- How (manual) pen testing fits in with automated tooling 
- Development of an example vulnerability

Pen Testing 101

In the complex world of software development, generative artificial intelligence (GAI) coding tools appear as a beacon of productivity and effectiveness. When handled with precision, they brighten the path to innovation, cutting through the intricacies of coding. However, as with any unchecked flame, such tools must be carefully managed to avoid endangering an organization's valued IP, impacting its bottom line or introducing risk into an M&A transaction.

Join this webinar to get an introduction to GAI coding tools and how you can minimize risk when using these in your organization. We’ll cover:

- Introduction to GAI coding tools (from code completion to code generation)
- Legal, operational, and M&A risks arising from GAI coding tools (e.g., IP ownership, IP infringement, cybersecurity) 
- Establishing a general AI policy with provisions specifically tailored to issues arising in using AI for coding  
- Managing risk arising from GAI coding tools - this includes a mix of technical, operational and administrative safeguards (e.g., usage policies, auditing tools, optimal selection and implementation of tools) 

This presentation is intended for legal and technical teams involved in software development and M&A software due diligence.

Managing Software Risks in the Age of AI-Generated Code

As with all things tech, software development has been in a constant state of evolution since its infancy. Generative AI, however, has the potential to disrupt software development as we know it.
There are significant benefits offered by generative AI, but there are risks as well, including security risks. In its brief history, AI has generated buggy code, taken code from open source repositories without licensing considerations, and generated incorrect code.
In this webinar, you will learn
• What AI is and how it is used in the SDLC
• The ways AI is changing how software is being built
• The risks, drawbacks, and concerns of using AI
• How to benefit from AI while managing risks

How Generative AI is Changing the SDLC

As the popularity of cloud-native applications continues to surge, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they deliver. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.”

The popularity of containers has also attracted the attention of hackers who are constantly looking for new ways to exploit them. Containers expand an organization’s attack surface and increase the risk to the applications they house. A comprehensive approach for container security is required to mitigate the risk to containerized applications and infrastructure.

In this webinar, we’ll outline the essential elements required to secure your container environments, including:
• Understanding what containers are (and aren’t)
• How to look at container security holistically
• The top threats to container landscapes
• Relevant case studies

Container Security Essentials

Security remains a leading concern for businesses in this multi-cloud era. With the increasing cloud-native deployment and use of generative AI in application software development, along with proliferation of tools, data and applications distributed across various cloud platforms, ensuring a consistent and robust security posture and at the same time, keep pace with the fast DevOps CI/CD pipeline can be daunting.

The  webinar will explore some of the challenges organizations face when navigating the complex landscape in securing their applications from code to cloud in a fast-paced DevOps CI/CD environment. Attendees will gain insights into how companies overcome these challenges and implement robust and effective application security solutions that align to their DevSecOps initiatives.

Key Takeaways: 

- Recognize the security challenges in this high pace, evolving technology landscape
- The importance of adopting an integrated “Essential Three” app security strategy
- Practical solutions for DevSecOps alignment from a customer perspective

Cloud-native and Generative AI Implications in DevSecOps

The growth of software across every industry poses significant challenges for teams that need to keep up with the fast pace of innovation while making sure the software they put into production is secure. This has led to a proliferation of tools deployed by security teams. You may ask why? In simple terms, to tackle the increasing pressure of a larger and more sophisticated threat landscape. Ultimately, teams are now left with added complexity and friction in the SDLC and a bloated total cost of ownership (TCO).  

As a result, Gartner indicates an increase in organizations pursuing vendor consolidation from 29% in 2020 to 75% in 2022 to tackle the cost and complexity of present day AppSec programs. But, consolidating vendors is only one part of the equation. 

Join us, as we unlock the key to mastering software security in the era of rapid innovation. We delve into a differentiated approach to consolidation initiatives that extends beyond improving TCO.  

Join now and understand how to: 

- Streamline tools & processes to improve resource efficiency. 
- Focus your teams with prioritized risk data across your security program. 
- Deliver rapid, comprehensive risk insight for improved time to audit.

How to Improve AppSec Efficiency

Join us for an insightful webinar that explores the dynamic landscape of application security. Learn about the alarming rise of supply chain attacks and the shifting tide of high-severity vulnerabilities, as well as the impact of these trends on organizations worldwide. Discover actionable strategies to combat these threats, including the importance of tool consolidation and fostering security champions within your teams. We'll cover
 
• The implications of supply chain attacks
• Effective tool consolidation strategies
• Empowering security champions to strengthen your defense

Securing Tomorrow - Navigating Trends in Application Security

We all can plainly see that AI is the “next big thing.”  Whether your organization is bringing up its skill baseline, integrating LLM chatbots with existing applications, leveraging models to augment existing applications, pulling models off HuggingFace and fine tuning them, or training your own models from scratch, this talk will provide you with a baseline to answer the deceptively basic question: how do I secure it?
 
Join this webinar to learn
-              The basics of GenAI 
-              Unique risks with AI integration 
-              Strategies for securely implementing AI
-              Lessons from “the field”

How Do You Secure Hype: Baselining Your Org’s Generative AI Security

Artificial intelligence (AI) continues to push the frontiers of technology - and it's here to stay. It's influence on cybersecurity reveal a double-edged sword. AI is becoming a formidable enhancer of security measures. But with all new technologies, there is a downside to consider. AI is already used as a core tool in the arsenal of cybercriminals and its capabilities are harnessed to refine every aspect of cybercrime.

The more we see criminals that leverage AI, the more we realize that our defences are not yet equipped to counter Malicious-AI. So where does this leave us?

This session will shed light on how criminals exploit AI to elevate their malicious endeavours. Gain practical insights into the evolving landscape of cybercrime and the pivotal role of AI within it. Let's take a glimpse into a future where AI dominates the cybercrime landscape! Are you ready for the move?

How to Protect Yourself from AI Cybersecurity Nightmares

Tech M&A deals move fast, and there’s not always enough time, money, or bandwidth to complete diligence on all of the software assets that you’re acquiring. So how do you prioritize what you audit so that you can feel confident that you’re reducing risk in the right places?
 
Join this live webinar to hear how a legal software due diligence expert advises clients prioritizing their software due diligence. We’ll cover: 
 
• Where audits come up and why should you care about them
• Where an audit fits into the M&A transaction process
• How to “right size” an audit and strategically select code for auditing

How to Prioritize the Software You Diligence in Software Due Diligence

AI-powered development has greatly increased the rate at which software evolves. But using artificial intelligence as a proxy for security-aware developers introduces a variety of risks to the business.

Organizations must prepare for the complexities of AI-powered development. This requires establishing consistent and scalable DevSecOps initiatives. The discussion will cover

• Innovation and trends in AI-powered software development
• The inherent risks to application security and business operations of using AI and third-party digital artifacts
• Best practices for establishing application security testing and issue remediation within DevOps workflows that include AI
• Ways to use AI to empower developers and reduce the opportunity of an attack

Artificial Intelligence, Real Security: Preparing DevSecOps for AI Development

Join us as we explore how to scale application security in today's dynamic development environments. Don't miss this opportunity to uncover actionable strategies for managing software risk. Learn to achieve scalable application security in today's fast-paced development landscape.

What You'll Learn
- How to streamline application security and maximize insights for improved outcomes
- Techniques to optimize processes, enhance collaboration, and deliver secure software without sacrificing development speed
- Why leveraging an Application Security Posture Management (ASPM) solution can help standardize AppSec practices across diverse tooling, teams, and applications within your organization

4 Steps for End-to-End Software Risk Management

In a survey of your peers, the Ponemon Institute uncovered a stark reality:
 
Teams are struggling to secure software supply chains as fast as advances in things like AI are increasing developments ability to produce it. For example, 52% of organizations leverage AI tools to generate code. Yet only 32% say they have processes in place to evaluate it.  And less than half say they are effective in securing open source or evaluating the security of commercial software in their supply chain.
 
Where do you rank? 
 
Join the webinar to understand the state of software supply chain security and how you can help your team keep pace with managing it. We’ll cover:   
 
• How prepared organization are for supply chain attacks
• How to secure and manage open source and commercial software in your applications
• How things like AI and SBOM mandates are impacting security readiness

By the Numbers: Software Supply Chain Security Risks

개발자는 신속한 제품 파이프라인 완성을 목표로 하고 보안팀은 취약성 예방에 집중하는 등 개발자와 보안 전문가 간의 목표가 상충되어 DevOps에서 보안 문제가 발생하는 경우가 많이 있습니다. 

현실에서 이런 상충된 목표들을 어떻게 동시에 달성할 수 있을까요? 조직은 보안을 손상시키지 않고 복잡성을 제거하고 비용을 절감하며 확장성을 개선하려면 어떻게 해야 할까요?
 
Polaris Software Integrity Platform®은 SAST, SCA에서 DAST에 이르는 전체 앱보안 솔루션 제품군을 제공합니다. 이 웨비나에서는 최신 웹 애플리케이션에 맞게 추가된 Polaris fAST Dynamic을 소개합니다. 또한 Polaris 플랫폼의 AI 기반 애플리케이션 보안 어시스턴트인 Polaris Assist도 소개합니다. Polaris Assist는 수십 년간 축적된 실제 인사이트와 강력한 대규모 언어 모델(LLM)을 결합하여 보안 및 개발 팀이 탐지된 취약점의 요약과 코드 수정 권장 사항을 이해하기 쉽게 제공함으로써 안전한 소프트웨어를 더 빠르게 구축할 수 있도록 지원합니다. 
 
웨비나를 시청하시고, 쉽고 빠르며 자동화된 차세대 애플리케이션 보안을 통해 팀이 작업 중인 모든 환경과 원활하게 통합할 수 있는 방법을 알아보십시오.

AI 기반 Polaris Assist와 자동화된 AppSec의 미래

From Application Security to Business Risk

Keeping Pace: Managing the risks of AI-generated code

Effective Cloud-based Application Security Practices for Modern Development

AST Tool Consolidation: Reduce Complexity and TCO with ASPM

2024 AppSec on The Move

In January, the EU published the final version of the Cyber Resilience Act (CRA). While this won't come into force until late 2026, there are still actions you can take.  

The good news is most of what's required is already part of a mature modern AppSec programme.  

In this session we’ll cover some of what DevSecOps and product security teams should be planning for to address CRA, with lessons drawn from efforts present in highly regulated spaces in other jurisdictions.

What the CRA means to DevSecOps Teams

Software Supply Chain

Software Security

Security

AppSec

Application Security

DevSecOps

Cyber Resilience Act

Information Security

Cyber Security

Open Source

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

What the CRA means to DevSecOps Teams

Presented by

About this talk

More from this channel