Name: By the Numbers: Software Supply Chain Security Risks
Start: 2024-07-25T06:00:00Z
End: 2024-07-25T06:00:46.000Z
Location: BrightTALK
Rating: 0

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.

Companies adopt many application security testing (AST) tools to pinpoint where critical fixes are needed and avoid costly postproduction software issues. Yet despite a lot of AppSec investment, they still fail to get an accurate view of risk, and struggle integrate testing, triage, and remediation within developer workflows. This has driven the evolution of application security posture management (ASPM). 

In this session, we’ll dive into 
- The difference between application security orchestration and correlation (ASOC) and ASPM
- The capabilities that a comprehensive ASPM solution should have
- How ASPM can help your development and security teams mitigate software risk at scale

What is Application Security Posture Management (ASPM)?

The development process is now so elaborate, distributed, and fast-moving that it’s difficult for enterprises to fully understand and manage effectively, much less defend against attacks. Complex projects may require input from multiple teams that are often unaware of one another’s activities. They may use third-party code and open source that hasn’t been thoroughly vetted. And they may be written using automated tools and AI, which may not employ security best practices or unknowingly propagate weak or vulnerable code. 

Join experts from SANS and Synopsys as they discuss why a new approach to DevOps security is required—one that applies continuous testing to continuous development so that threats and vulnerabilities can be identified and mitigated across every step of the development process. 

Register today and be among the first to receive the associated whitepaper written by Chris Edmundson.

Sponsored by Synopsys

Shift Left to Shift Everywhere: Continuous Development's Impact on Security

A common adage states that “security is only as strong as its weakest link.” Penetration (pen) testing is meant to demonstrate this idea. Through administration of yearly pen tests, these entry points can be identified and patched, providing greater assurance in an application’s defense. 

A pen test is a simulated attack on your apps and infrastructure to find exploitable flaws and vulnerabilities. Expert testers use varying and ever-changing tools and techniques to find and demonstrate the business impacts of weaknesses in a system.  

In this webinar you will learn: 
- Definition and types of pen tests 
- The precautions you need to take before you start testing 
- Approaches to vulnerability discovery across applications 
- How (manual) pen testing fits in with automated tooling 
- Development of an example vulnerability

Pen Testing 101

In the complex world of software development, generative artificial intelligence (GAI) coding tools appear as a beacon of productivity and effectiveness. When handled with precision, they brighten the path to innovation, cutting through the intricacies of coding. However, as with any unchecked flame, such tools must be carefully managed to avoid endangering an organization's valued IP, impacting its bottom line or introducing risk into an M&A transaction.

Join this webinar to get an introduction to GAI coding tools and how you can minimize risk when using these in your organization. We’ll cover:

- Introduction to GAI coding tools (from code completion to code generation)
- Legal, operational, and M&A risks arising from GAI coding tools (e.g., IP ownership, IP infringement, cybersecurity) 
- Establishing a general AI policy with provisions specifically tailored to issues arising in using AI for coding  
- Managing risk arising from GAI coding tools - this includes a mix of technical, operational and administrative safeguards (e.g., usage policies, auditing tools, optimal selection and implementation of tools) 

This presentation is intended for legal and technical teams involved in software development and M&A software due diligence.

Managing Software Risks in the Age of AI-Generated Code

As with all things tech, software development has been in a constant state of evolution since its infancy. Generative AI, however, has the potential to disrupt software development as we know it.
There are significant benefits offered by generative AI, but there are risks as well, including security risks. In its brief history, AI has generated buggy code, taken code from open source repositories without licensing considerations, and generated incorrect code.
In this webinar, you will learn
• What AI is and how it is used in the SDLC
• The ways AI is changing how software is being built
• The risks, drawbacks, and concerns of using AI
• How to benefit from AI while managing risks

How Generative AI is Changing the SDLC

As the popularity of cloud-native applications continues to surge, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they deliver. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.”

The popularity of containers has also attracted the attention of hackers who are constantly looking for new ways to exploit them. Containers expand an organization’s attack surface and increase the risk to the applications they house. A comprehensive approach for container security is required to mitigate the risk to containerized applications and infrastructure.

In this webinar, we’ll outline the essential elements required to secure your container environments, including:
• Understanding what containers are (and aren’t)
• How to look at container security holistically
• The top threats to container landscapes
• Relevant case studies

Container Security Essentials

Security remains a leading concern for businesses in this multi-cloud era. With the increasing cloud-native deployment and use of generative AI in application software development, along with proliferation of tools, data and applications distributed across various cloud platforms, ensuring a consistent and robust security posture and at the same time, keep pace with the fast DevOps CI/CD pipeline can be daunting.

The  webinar will explore some of the challenges organizations face when navigating the complex landscape in securing their applications from code to cloud in a fast-paced DevOps CI/CD environment. Attendees will gain insights into how companies overcome these challenges and implement robust and effective application security solutions that align to their DevSecOps initiatives.

Key Takeaways: 

- Recognize the security challenges in this high pace, evolving technology landscape
- The importance of adopting an integrated “Essential Three” app security strategy
- Practical solutions for DevSecOps alignment from a customer perspective

Cloud-native and Generative AI Implications in DevSecOps

Join us for an insightful webinar that explores the dynamic landscape of application security. Learn about the alarming rise of supply chain attacks and the shifting tide of high-severity vulnerabilities, as well as the impact of these trends on organizations worldwide. Discover actionable strategies to combat these threats, including the importance of tool consolidation and fostering security champions within your teams. We'll cover
 
• The implications of supply chain attacks
• Effective tool consolidation strategies
• Empowering security champions to strengthen your defense

Securing Tomorrow - Navigating Trends in Application Security

Artificial intelligence (AI) continues to push the frontiers of technology - and it's here to stay. It's influence on cybersecurity reveal a double-edged sword. AI is becoming a formidable enhancer of security measures. But with all new technologies, there is a downside to consider. AI is already used as a core tool in the arsenal of cybercriminals and its capabilities are harnessed to refine every aspect of cybercrime.

The more we see criminals that leverage AI, the more we realize that our defences are not yet equipped to counter Malicious-AI. So where does this leave us?

This session will shed light on how criminals exploit AI to elevate their malicious endeavours. Gain practical insights into the evolving landscape of cybercrime and the pivotal role of AI within it. Let's take a glimpse into a future where AI dominates the cybercrime landscape! Are you ready for the move?

How to Protect Yourself from AI Cybersecurity Nightmares

Tech M&A deals move fast, and there’s not always enough time, money, or bandwidth to complete diligence on all of the software assets that you’re acquiring. So how do you prioritize what you audit so that you can feel confident that you’re reducing risk in the right places?
 
Join this live webinar to hear how a legal software due diligence expert advises clients prioritizing their software due diligence. We’ll cover: 
 
• Where audits come up and why should you care about them
• Where an audit fits into the M&A transaction process
• How to “right size” an audit and strategically select code for auditing

How to Prioritize the Software You Diligence in Software Due Diligence

AI-powered development has greatly increased the rate at which software evolves. But using artificial intelligence as a proxy for security-aware developers introduces a variety of risks to the business.

Organizations must prepare for the complexities of AI-powered development. This requires establishing consistent and scalable DevSecOps initiatives. The discussion will cover

• Innovation and trends in AI-powered software development
• The inherent risks to application security and business operations of using AI and third-party digital artifacts
• Best practices for establishing application security testing and issue remediation within DevOps workflows that include AI
• Ways to use AI to empower developers and reduce the opportunity of an attack

Artificial Intelligence, Real Security: Preparing DevSecOps for AI Development

Join us as we explore how to scale application security in today's dynamic development environments. Don't miss this opportunity to uncover actionable strategies for managing software risk. Learn to achieve scalable application security in today's fast-paced development landscape.

What You'll Learn
- How to streamline application security and maximize insights for improved outcomes
- Techniques to optimize processes, enhance collaboration, and deliver secure software without sacrificing development speed
- Why leveraging an Application Security Posture Management (ASPM) solution can help standardize AppSec practices across diverse tooling, teams, and applications within your organization

4 Steps for End-to-End Software Risk Management

As you start down the path of using generative artificial intelligence (GAI) in software development to improve efficiency, reduce costs, and increase revenue, you must also be aware of the associated legal issues. How can you leverage AI and minimize the risk it presents?

Join this live Synopsys webinar in which a panel of legal experts and practitioners will answer your questions about the rise of AI in software development, and how you can responsibly leverage this new technology. We’ll cover:

• The benefits and risks for using AI in software development 
• The evolving legal and regulatory landscape 
• Practical advice for using AI today and into the future

Ask the Experts: AI and Software Development

As far as the Cybersecurity and Infrastructure Security Agency (CISA) is concerned, there are six types of SBOMs that can be created for a single application or piece of software; neither of which will be identical. While CISA doesn’t have a favorite type of SBOM, you may find that your organization, vendors, or customers prefer some over others. As such, it’s important to understand what to expect from each type, how to generate them, and be prepared to reconcile the differences across them.

Learning objectives:
• Become familiar with the six types of SBOM
• Understand the benefits and limitations of each type
• Know the methods and tools required to generate each type

How Many Types of SBOM Are There?

AI coding assistants, such as Microsoft CoPilot and ChatGPT, will fundamentally change the way teams build software, much like open source software has over the last decade. As with open source, teams seeking the benefits of AI will also need to take precautions to address the security, quality, and intellectual property risks that come with the use of AI-generated code. Is your team ready for AI? 

In this webinar, we'll explore: 

Key risks teams might encounter using coding assistants 

Safeguards needed for confident use of AI-generated code

Keeping Pace: Managing the risks of AI-generated code

In today's fast-paced and ever-evolving cloud landscape, security is not just a necessity but a strategic enabler. To empower organizations to proactively prevent, detect, and respond to cloud security threats with precision and agility, cloud security solutions must scale on demand.  Automation in detection and remediation efforts must be in place to meet this requirement.
 
In this webinar, you’ll learn
- Why cloud detection and response (CDR) is necessary
- How CDR is typically performed
- What business outcomes and benefits CDR provides

Elevating Security in the Cloud: Detection and Response Unleashed

The Board and C-Suite are starting to take notice of the opportunities and risks inherent with powerful new generative artificial intelligence (GAI) tools that can quickly create text, code, images, and other media. Product Development and Engineering teams want to use such tools to increase productivity by at least one order of magnitude. In response, the Security, Legal, and Compliance teams typically raise legitimate concerns about the risks involved. What role can the Board and C-Suite play in this situation?
 
Join this live Synopsys webinar to get a jump start on what AI strategy, security, and governance looks like from the Board-level and C-suite. We’ll cover:
 
• Fundamentals of AI, types of models, and data used to inform them
• Expanding existing processes and procedures to address the security risks of GAI
• The top three questions the Board and C-Suite should be asking about GAI
• How to navigate the existing and evolving legal and regulatory landscape

AI Strategy, Security, and Governance: The View from the Top

In a survey of your peers, the Ponemon Institute uncovered a stark reality:
 
Teams are struggling to secure software supply chains as fast as advances in things like AI are increasing developments ability to produce it. For example, 52% of organizations leverage AI tools to generate code. Yet only 32% say they have processes in place to evaluate it.  And less than half say they are effective in securing open source or evaluating the security of commercial software in their supply chain.
 
Where do you rank? 
 
Join the webinar to understand the state of software supply chain security and how you can help your team keep pace with managing it. We’ll cover:   
 
• How prepared organization are for supply chain attacks
• How to secure and manage open source and commercial software in your applications
• How things like AI and SBOM mandates are impacting security readiness

By the Numbers: Software Supply Chain Security Risks

Open Source

Software Supply Chain

Software Composition Analysis

Application Development

Application Security

Software Development

SDLC

CICD

Cyber Defense

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

By the Numbers: Software Supply Chain Security Risks

Presented by

About this talk

More from this channel