Name: Don’t Take the Bait: Four Software Supply Chain Attacks
Start: 2025-01-23T10:00:00Z
End: 2025-01-23T10:00:52.000Z
Location: BrightTALK
Rating: 0

Black Duck® offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software.

As of October 1, 2024 the Synopsys Software Integrity Group is now Black Duck®

Securing your software supply chain begins with knowing what’s in your code. With AI-generated code and ubiquitous open source software use, it’s never been more critical to understand what risks your software may contain. In fact, last year alone we found that 81% of codebases contained a high-/critical risk vulnerability.
 
Join this webinar as we explore the findings from the 2025 “Open Source Security and Risk Analysis” report. We’ll cover:
 
• The state of open source software security
• Tips for mitigating risks and keeping vulnerabilities out of your supply chain
• How to protect against security and IP risks from AI coding tools

The 2025 Guide to Open Source Security and Risk

Open source is widely used in software development because it allows you to create high-quality software quickly - especially with the use of AI-assisted coding tools. But if left unmanaged, open source can lead to license compliance issues as well as security and code quality risks. Whether you’re on the buy side or sell side, these risks could negatively affect valuation in an M&A transaction.

Join this webinar for an inside look at the data Black Duck Audits complied in 2024 from the hundreds of tech transactions and thousands of codebases we audited. We’ll cover:

• Open source license and security risks by the numbers
• Why audits have become the norm in M&A tech due diligence
• How you can get a complete picture of open source risks

By the Numbers: 2025 Open Source Risk in M&A

The latest “Building Security in Maturity Model” (BSIMM) report, based on data from 121 firms, reveals critical trends shaping the future of application security. Since its start in 2008, the BSIMM report has been a trusted resource for organizations navigating the challenges of securing software. 

This webinar will dive into the key findings of BSIMM15, including
- The transformative role of AI/ML in software development and security
- Managing risks in the increasingly vulnerable software supply chain
- The surprising decline in security awareness training
- How the “shift everywhere” approach is evolving to meet the needs of emerging technologies

Join us to uncover actionable strategies to strengthen your application security program in an era of rapid change.

BSIMM15 Insights: Trends Shaping Software Security in 2025

Open source software is at the heart of modern development, but it comes with its own set of challenges. The number of discovered vulnerabilities continues to rise year after year. Staying ahead in this evolving landscape requires not only vigilance but also access to accurate vulnerability data. 
Join us for an exclusive webinar with the Black Duck Vulnerability Research team, where you'll gain insights into their cutting-edge approach to identifying and addressing vulnerabilities in open source software. Discover how their innovative methods empower organizations to detect and remediate vulnerabilities quickly and effectively. 
In this session, you'll learn: 
- How the Black Duck Vulnerability Research team operates and innovates to deliver unparalleled vulnerability insights. 
- Why the quality and accuracy of vulnerability reports are critical to security success. 
- The latest trends and insights shaping the open source vulnerability landscape.

Black Duck Vulnerability Research

Containerized applications and microservices simplify scaling and deployment. Yet, they also create new opportunities for attackers to exploit. Misconfigurations in these environments can allow attackers to hide, move, and launch advanced attacks.
 
Join us for a deep dive into common container misconfigurations. We'll dive into Black Duck’s extensive experience in container penetration testing.
 
What you’ll learn:
    •    Common misconfigurations found in containerized environments.
    •    How attackers exploit these vulnerabilities to compromise systems.
    •    Strategies to reduce risks and enhance container security.

Understanding Container Security: Common Misconfigurations

As artificial intelligence (AI) continues to revolutionize software development, the integration of AI-driven coding tools has become increasingly prevalent. However, this rapid adoption brings new challenges and opportunities in the realm of application security.

This session will explore the evolving landscape of AI-assisted coding and its implications for secure software development. Attendees will gain insights into common security vulnerabilities introduced by AI-generated code and learn best practices for mitigating these risks.
Key topics will include:

-Security Risks and Challenges: Identifying and addressing security vulnerabilities in AI-generated code.
-Best Practices for Secure AI Coding: Strategies for integrating security into the AI-driven development process.
-Future Trends: The evolving role of developers in an AI-centric coding environment and the importance of continuous security education.

Application Security in the Age of AI-Drive Coding

In February 2024, the NIST Cybersecurity Framework (CSF) 2.0 update was released, featuring the latest advancements. This update brings a host of transformative changes, expanding the framework's scope. It also provides stronger governance and supply chain risk management. There are also refining metrics for assessing cybersecurity effectiveness. 

Join this webinar to learn about
• The long-anticipated CSF 2.0 update
• The implications of the changes in the 2.0 update 
• Leveraging these changes to improve current cybersecurity programs

Embracing the Future of Cybersecurity with NIST CSF 2.0

As software applications grow more complex, so do the security challenges they face. This webinar dives into the critical importance of proper software vulnerability detection, highlighting how current public vulnerability reporting systems often fall short. We’ll explore why accuracy and timeliness in identifying and addressing security risks are non-negotiable and demonstrate how free or entry-level tools fail to meet the demands of modern application security.
 
Join us and discover strategies and solutions that go beyond basic approaches, ensuring your applications remain resilient in an ever-changing threat environment. This session will equip you with the knowledge and tools to elevate your security practices and protect what matters most.
 
Key takeaways:
- Why vulnerability detection is foundational to application security
- The pitfalls of public vulnerability reporting and how to navigate them
- The importance of accurate, timely responses to emerging threats
- Why free tools aren’t enough—and what to look for in advanced security solutions

Your AppSec Assessments Are Wrong, And Why It Matters

Join us as we explore how to scale application security in today's dynamic development environments. Don't miss this opportunity to uncover actionable strategies for managing software risk. Learn to achieve scalable application security in today's fast-paced development landscape.

What You'll Learn
- How to streamline application security and maximize insights for improved outcomes
- Techniques to optimize processes, enhance collaboration, and deliver secure software without sacrificing development speed
- Why leveraging an Application Security Posture Management (ASPM) solution can help standardize AppSec practices across diverse tooling, teams, and applications within your organization

4 Steps for End-to-End Software Risk Management

Forcing AppSec tests into developer pipelines, without aligning them to their preferred tools, can lead to inefficiencies and security oversights. Security teams need full risk visibility and developers need to meet shipping deadlines. While developers should not take full responsibility for security testing, they must be able to initiate, support, and benefit from it without changing their existing workflows. 

The most effective and efficient way to accomplish this is with out-of-the-box integrations and security testing templates that work natively with leading DevOps platforms like GitHub, GitLab, and Azure DevOps (ADO) to automate critical AppSec tests and quickly close feedback loops with developers. Join Black Duck as we discuss: 

Using DevOps platforms’ automation templates to embed AppSec into CI pipelines 

- Making security scans and fix pull requests an automatic part of dev workflows 
- Reducing risk and issue backlogs with developer security training and clear fix guidance 
- Accelerating AppSec using AI-enabled DevOps and security tools 

Start making life easier for developers and AppSec teams with integrated security testing for GitHub, GitLab, ADO, and more.

Developer-First Security: How to Automate Security Tests with GitHub, GitLab, and more

Explore key insights from the “2024 Vulnerability Snapshot” report, which is based on data from over 200,000 application security scans. This webinar will explore critical findings, such as the prevalence of injection vulnerabilities, and highlight evolving threat landscapes impacting organizations today. Our expert panel will also discuss how strategic use of dynamic application security testing (DAST) and other methodologies can address these challenges. 
 In this webinar you will learn
• Emerging threat patterns and which vulnerabilities pose the greatest risk across industries
• Why DAST is essential for uncovering complex, runtime vulnerabilities that traditional testing might miss
• Practical recommendations, backed by comprehensive data, to enhance your security practices
 Join us to deepen your understanding of today’s security landscape and learn how data-driven insights can inform better security decisions.

Essential Vulnerability Insights for AppSec

Gain insights into important legal developments from two of the leading open source legal experts, Tony Decicco, Principal at GTC Law Group & Affiliates and Chris Stevenson, Of Counsel at DLA Piper.

This annual review will highlight the most significant legal developments related to open source software in 2024, focusing on topics that were resolved, those that got started, and what we can expect to see in coming years. We'll cover: 

• Updates on key open source-related litigation and disputes
• The on-going impacts of GAI coding tools
• Noteworthy license changes
• The Open Source AI Definition
• Open source software controversies, deals, and hacks
• And much, much more

CLE:
DLA Piper LLP (US) has been certified by the State Bar of California, Illinois MCLE Board, the Board on Continuing Legal Education of the Supreme Court of New Jersey, and the New York State Continuing Legal Education Board as an Accredited Provider. The following CLE credit is being sought: 
• California: 1.25 Credits (1.25 General, 0.0 Ethics)
• Illinois: 1.25 Credits (1.25 General, 0.0 Professional Responsibility)
• New Jersey: 1.5 Credits (1.5 General, 0.0 Ethics)
• New York: 1.5 Transitional & Non-Transitional Credits (1.5 Professional Practice, 0.0 Ethics)
CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, Pennsylvania, and Puerto Rico.

The 2024 Open Source Year in Review

Generative AI continues to reshape industries, but with its rapid adoption comes an equally fast-evolving set of security challenges. Infosec teams and organizational leaders are under increasing pressure to address these risks effectively.
 
Join us for a forward-looking session that draws on Black Duck’s extensive experience with clients and partners to provide valuable insights into managing AI/ML security in the coming year. This webinar will explore the shift from hype to practical implementation of generative AI, the sophisticated threat landscape targeting AI/ML systems, and key updates to the OWASP LLM Top 10 for 2025.
 
In this high-level discussion, you’ll gain:
- Lessons learned from real-world engagements with AI/ML security in 2024.
- Insights into the evolving threat landscape and its implications for AI/ML systems.
- A deeper understanding of critical changes in the OWASP LLM Top 10 for 2025.

Navigating AI/ML Security: The Essentials for 2025

The EU created the Digital Operational Resilience Act (DORA) to help the financial sector withstand, respond to, and recover from Information and Communication Technology (ICT) disruptions.  But what does that mean from a security testing perspective?
 
Join this webinar to get practical and tactical advice on how to address testing requirements. We’ll cover:
 
• An in-depth look at DORA with a focus on articles 25 and 26 (testing)
• It’s impact on the financial sector and vendors that support them
• Best security testing practices to satisfy DORA requirements

DORA and Software Security

As the popularity of cloud-native applications continues to surge, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they deliver. According to Gartner, “by 2022, more than 90% of global organizations will be running containerized applications in production by 2026 or 2027,up from less than 40% in 2021.”

The popularity of containers has also attracted the attention of hackers who are constantly looking for new ways to exploit them. Containers expand an organization’s attack surface and increase the risk to the applications they house. A comprehensive approach for container security is required to mitigate the risk to containerized applications and infrastructure.

In this webinar, we’ll outline the essential elements required to secure your container environments, including:
• Understanding what containers are (and aren’t)
• How to look at container security holistically
• The top threats to container landscapes
• Relevant case studies

Container Security Essentials

Do you want to secure your software at scale? An application security posture management (ASPM) solution could be the answer. Maintain a strong security posture —and ensure compliance with industry standards and regulations—by gaining visibility into your applications.

Join us for a panel discussion where we share steps for securing applications. You'll learn

• Real-world use cases: Discover how regulatory-heavy industries and large enterprises use ASPM to address security challenges

• Operationalizing testing: Gain insights into how security teams can use ASPM to automate and operationalize security testing

• Maturing your AppSec program: Learn practical steps to enhance your AppSec program with ASPM

Don't miss the opportunity to learn how to be proactive in risk management.

Secure Application Software at Scale

AI-powered development has greatly increased the rate at which software evolves. But using artificial intelligence as a proxy for security-aware developers introduces a variety of risks to the business.

Organizations must prepare for the complexities of AI-powered development. This requires establishing consistent and scalable DevSecOps initiatives. The discussion will cover

• Innovation and trends in AI-powered software development
• The inherent risks to application security and business operations of using AI and third-party digital artifacts
• Best practices for establishing application security testing and issue remediation within DevOps workflows that include AI
• Ways to use AI to empower developers and reduce the opportunity of an attack

Artificial Intelligence, Real Security: Preparing DevSecOps for AI Development

Securing your software supply chain requires that you analyze dependencies for risk, harden your development pipeline, and secure the artifacts that you deploy or ship to customers. Are you prepared for the four common attack vectors that bad actors exploit?  

In this webinar, we’ll look at different types of software supply chain attacks and discuss:    

• The riskiest points of your software development lifecycle 
• Real-world examples of how attackers take advantage of upstream dependencies and build automation 
• Crucial tools and processes to help you avoid falling victim to supply chain attacks

Don’t Take the Bait: Four Software Supply Chain Attacks

Open Source

Software Composition Analyst

Cyber Attacks

SDLC

Application Development

Application Security

Software Development

software security

Attack Vectors

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Don’t Take the Bait: Four Software Supply Chain Attacks

Presented by

About this talk

More from this channel