Name: Sensible Open Source Risk Management in Enterprises
Start: 2022-01-24T09:19:00Z
End: 2022-01-24T09:19:50.000Z
Location: BrightTALK
Rating: 0

Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, link here, the open-source automated dependency update project.  For more information, visit www.mend.io, the Mend blog, and Mend on LinkedIn and Twitter. 

Bar-El Tayouri has been programming since the age of 12 and began hacking transportation cards while still in high school. Today, he leads Mend AI, a suite of products designed to enable the GenAI revolution for security-conscious enterprises. He co-founded Atom-Security, an AppSec prioritization company now embedded within Mend Container, following its acquisition by Mend.io. His background includes serving as an architect and the first engineer at an augmented reality startup, along with extensive expertise in data science and cybersecurity.

Hacking & Securing AI Systems: Playing with Fire and Controlling the Flare of AI

In today's fast-paced software development landscape, keeping dependencies up-to-date is essential for maintaining application security, stability, and performance. 
However, managing dependency updates manually can be time-consuming, error-prone, and often overlooked.
Join us on this webinar, as Justin Clareburt and Liora Milbaum will discuss dependency management - specifically, large-scale implementation at large tech companies.
Expect to dive deep into various ways that Renovate is being used through the development and the delivery pipeline, plus the challenges of organizational rollout and monitoring in segmented, multi-developer environments.
In this webinar, you'll discover:
Challenges managing dependencies at scale
How Renovate is being used at large organizations 
Handy tips and tricks for deploying Renovate
Future plans for Renovate at Mend

Managing Dependencies at Enterprise Scale

Planning and implementing your AppSec budget for 2025, is crucial to proactively address evolving security threats, prevent costly breaches, and prioritize security investments. A structured AppSec budget enables you to invest in secure development practices, tools, training and reducing vulnerabilities early in the SLDC.
Join our session with top industry experts, as they discuss the challenges and pain points of creating a solid security budget:
Tackling modern vulnerabilities’ complexities and understanding the growing need for a robust security budget.
Balancing the demand for increased AppSec investment with limited resources and competing business objectives.
Quantifying AppSec initiatives' impact and effectively communicating their value to stakeholders.
Fostering collaboration and integrating security practices into the software development lifecycle.

How to master your 2025 AppSec Budget

Are confidentiality, integrity, and availability still enough, or is it time to evolve our thinking? 
Join Chris Lindsey and a panel of tech leaders from leading enterprises, for a dynamic discussion on the relevance of the CIA Triad in modern security practices.
We’ll explore whether the triad needs to be replaced by more advanced models, such as assigning weighted risk scores or other emerging frameworks for defining security incidents.
The panel will also dive into what constitutes a Zero-Day threat, using the classification of CrowdStrike as a case study. Was it appropriately labeled a Zero-Day?
Gain actionable insights from top security leaders, on how they navigate these challenges and how you can better prepare your organization.

Security’s Confidentiality, Integrity and Availability (CIA) Triad - Outdated or Still Relevant?

Despite significant advancements in AppSec best practices, many organizations continue to struggle with effectively managing their AppSec programs, leading to breaches and damage.
Join us as we share common pitfalls that derail even the best-intentioned application security programs.  
Through actual experience, you will gain a better understanding of underlying causes of AppSec failures and why seemingly robust measures often fail to protect organizations from vulnerabilities.
And finally, walk away with actionable insights to improve and enhance your program's effectiveness.

Why is my AppSec Program Broken?

Software development has evolved at an explosive pace, and while most security testing tools have embraced this evolution as a catalyst to innovate, static analysis tools seem to have missed the invite.  
With long scan times, high-false positives, and costly, complex deployments, most static analysis tools leave teams unimpressed and disillusioned. In short, today’s developers and AppSec teams need more from their static analysis.
What if static analysis went beyond just vulnerability detection? Join us, as we reimagine the future of static analysis, one where teams are able to get actionable insights into their security risks in code. 
In this session, we’ll delve into how:
- The current static analysis landscape is shifting
- AI is reshaping code quality and security
- Static analysis can accelerate developer velocity

AI Meets SAST: Reimagining the Future of Static Analysis

Join Chris Lindsey as he shares proven best practices that will keep your application security program secure and on the right track.  
From real world examples, Chris walks through the following:
Fix Campaign - Focused effort that securely addresses hundreds of findings in less than a week.
Developer Training - Proper training methods that work, from on-boarding, hack-a-thons to beyond, learn how to successfully help train developers.
Container Security - Best practices that work to prevent you from releasing compromised containers quickly and securely.
Whether you're a developer, security professional, or IT leader, this session will equip you with the knowledge and tools to build more secure applications and stay ahead of potential threats.

AppSec for the Win: Proven Best Practices that Work

Could dependency automation be that rare concept embraced by both developers and security leaders alike?
As modern software development becomes increasingly complex, managing and updating dependencies efficiently is crucial. 
Dependency automation tools streamline this process by automatically identifying, updating, and managing libraries and packages, reducing the manual effort required and minimizing the risk of outdated or vulnerable components. 
This proactive approach not only enhances security by ensuring that known vulnerabilities are promptly addressed, but also accelerates development cycles by keeping projects up-to-date with the latest improvements and fixes. 
Join us to explore how automating dependency management can enhance both security and efficiency, and discover why it’s a game-changer in the software development lifecycle.

Dependency Automation: Developer delight & Security satisfaction

In today's complex software landscape, large organizations face increasing pressure to ensure the security and integrity of their software supply chains. SBOMs have emerged as a vital tool for achieving this goal. 
By leveraging SBOMs, organizations can generate an accurate and deeply comprehensive SBOM of all their open-source dependencies, helping to ensure that their software is secure and compliant.
In this advanced-level webinar, our expert delved into the critical role of SBOMs in:
- Identifying Vulnerabilities
- Navigating Complex Ecosystems
- Overcoming Challenges
Watch the webinar and get the chance to learn that SBOMs are not just about compliance; they open up a world of opportunities for improving software security and management.

SBOMs: A Critical Tool for Modern Organizations

AI is rapidly transforming industries, but its power comes with a hidden vulnerability: traditional security methods struggle to keep pace with the unique threats facing AI models.
Malicious attacks can harm your AI and damage your business.
The biggest challenge? Knowing what AI models you even have. Many companies lack visibility into the AI models embedded within their applications, especially those built by third-party libraries or open-source frameworks.
In this webinar, you will learn about:
The unique security challenges facing AI models
How to identify and automatically map all AI models within your codebase, even hidden ones
Proven strategies to proactively address vulnerabilities in third-party libraries and frameworks used by your AI

Securing Your AI: Protecting Against Hidden Threats

We all want to have the best security posture possible, especially when it comes to our mission-critical applications and the software we make available as part of the software supply chain. 
Every security team dreams of fully implementing Zero Trust as the standard across the whole of the organization and having flawless defenses.
In reality, though, security is a never-ending journey, as the landscape constantly shifts at an ever-accelerating rate. 
Defending the perimeter used to be the goal, but in the ultra-interconnected world of services, cloud platforms, and open-source dependencies, we need to rethink how we defend ourselves and our customers. 
We need to stop unrealistically striving for perfection and get back to basics to make sure we are guarding against the most likely, most common, and most costly threats that continue to emerge.

In this webinar we will cover:
- Understanding the threats throughout the Software Supply Chain
- The benefits and realities of implementing Zero Trust
- Thinking through trust, attestation, and scanning
- Finding the right balance of time and effort for security ROI
- Thinking past compliance and defending against the most likely scenarios

Good Enough: Practical Zero Trust Posture in The Software Supply Chain

Building a successful Security Champion program is just the beginning. 
Scaling these champions across your organization while maintaining their effectiveness and alignment with security objectives can be challenging. 
In this webinar, we'll delve deeper into the complexities of managing Security Champions, addressing common hurdles, and maximizing their impact on your application security posture.

Discover how to:
- Navigate conflicting priorities and maintain champion focus on security
- Effectively empower champions without compromising security standards
- Integrate security seamlessly into the development process
- Prioritize vulnerabilities and optimize remediation efforts

Empowering Security Champions: Optimizing for Security Excellence

Software vulnerabilities are at the heart of a data breach. 
Those bugs can be in your third-party software or your own internal applications. 
When software vendors regularly issue updates and patches, how do you know which ones to prioritize? 
How do you ensure your own development team is writing secure code? 
In this panel discussion, experts will discuss how to identify, assess, and prioritize the risk of an attacker exploiting the latest vulnerabilities in your systems. 
They will offer strategies for using DevSecOps for your internal apps as well as building a sound patching policy for your third-party software.

Finding & Fixing Software Vulnerabilities - Endanger your Data

As the importance of securing software supply chains continues to grow, DevSecOps practices are being increasingly adopted to meet this demand. 
The challenge lies in optimizing these processes to ensure developers embrace them without compromising the speed of application development and deployment.

Join us for an insightful webinar where we bring together application development and cybersecurity teams to explore how to shift application security further left in the development process as seamlessly as possible. 
This roundtable discussion will provide valuable insights and practical strategies to enhance the security of your software supply chains.

Key Takeaways:
Effective DevSecOps Integration
Overcoming Implementation Barriers
Optimizing Security Processes

DevSecOps - Panel Webinar

Are you frustrated with developers disregarding security guidelines and AppSec alerts? 
Security Champions can transform this dynamic, turning developers into advocates for secure coding and creating a collaborative environment. 
Join our webinar to discover the secrets of building an effective Security Champion Program that can revolutionize your AppSec efforts.

Discover how to:
Overcome developer resistance and build trust
Foster effective communication and collaboration
Create a culture of security champions within your development teams
Drive meaningful improvements in your application security posture

Turn Developers into Allies: The Power of Security Champion Program

For many organizations, protecting the crown jewels means protecting the source code for their applications. How can security teams put effective controls around source code? 
One of the most common issues around source code management is secrets and configuration management. 
When the organization’s source code is stored within third-party code repositories, exposed configuration files and secrets such as credentials and API keys put organizations at risk. 
How can security teams work with the development teams to ensure that secrets are managed securely and not stored in publicly accessible locations? 
This webinar will offer insight on how to protect the source code from data exposures and theft.

Protecting the Crown Jewels: Source Code Security

In today's fast-paced DevOps environment, ensuring the security of containerized applications is more critical than ever. Traditional vulnerability management often falls short, leaving organizations exposed to potential threats. 

Join us for a webinar designed specifically for security engineers, where we'll delve into innovative techniques for analyzing and improving the security posture of container images using reachability analysis.

In this webinar, you will:
Discover how to identify and prioritize vulnerabilities based on their potential exploitation in runtime environments
Learn hands-on techniques to enhance your organization’s security defenses early in the SDLC
Understand the benefits of integrating reachability analysis into your container security strategy
Gain insights from real-world examples and best practices shared by our experts

Proactive Container Security: Prioritizing Vulnerabilities with Reachability

AppSec leaders are overwhelmed, understaffed, and misunderstood.
Key factors contributing to burnout include misalignment with development priorities, understaffed teams, difficulties in securing executive buy-in, poor collaboration between development and security teams, limited budgets, and the stress of managing known and unknown risks.

This webinar equips you to:
Build a high-performing team
Gain executive buy-in for security initiatives
Create a sustainable security program that protects your organization

By addressing these issues and providing actionable solutions, this webinar aims to empower AppSec leaders to manage their workload more effectively, achieve a healthier work/life balance, and ultimately enhance the security posture of their organizations.

Why AppSec Leaders are Burning Out (and How to Stop It)

Many organizations find it challenging, to determine who’s responsible for managing different security risks and for governing the methods and practices to remediate the open-source risks. Investing in industry-proven tools & leveraging the correct tools during the appropriate phases of the SDLC will allow an organization to implement a scalable and reliable open source governance framework, to reduce this risk and potential for compliance-related issues across the enterprise

Sensible Open Source Risk Management in Enterprises

Open Source

Appsec

SDLC

Risk Management

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Sensible Open Source Risk Management in Enterprises

Presented by

About this talk

More from this channel