Name: Understanding DORA Compliance: Insights from SurePay and Sonatype
Start: 2024-08-29T13:00:00Z
End: 2024-08-29T13:00:36.000Z
Location: BrightTALK
Rating: 4.5

Sonatype is the software supply chain management company. We empower developers and security professionals with intelligent tools to innovate more securely at scale. Our platform addresses every element of an organization’s entire software development life cycle, including third-party open source code, first-party source code, infrastructure as code, and containerized code. Sonatype identifies critical security vulnerabilities and code quality issues and reports results directly to developers when they can most effectively fix them. This helps organizations develop consistently high-quality, secure software which fully meets their business needs and those of their end-customers and partners. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers already rely on our tools and guidance to help them deliver and maintain exceptional and secure software.

De nombreuses entreprises pensent qu'elles peuvent éliminer les attaques malveillantes en attendant d'analyser les logiciels avant qu'ils n'entrent en production, alors que dans de nombreux cas, il est trop tard.

Rejoignez Hervé et Boutemy, Sonatype et Pierre Cheval, Fortify sur la façon dont Sonatype Repository Firewall empêche les risques open source connus et inconnus d'entrer dans votre chaîne d'approvisionnement.

Cette session abordera les sujets suivants:

Comment votre entreprise peut améliorer la sécurité sans impacter la productivité des développeurs
Comment Repository Firewall peut protéger votre chaîne d'approvisionnement en logiciels et s'intégrer à votre ensemble d'outils existants.

Démo en direct de Repository Firewall de Sonatype

Rejoignez Hervé Boutemy pour découvrir comment notre NOUVELLE solution SBOM Manager simplifie l'ingestion, la gestion, le contrôle et la conformité.

La session couvrira:

Comment SBOM Manager peut rationaliser et automatiser l'audit, la distribution et le contrôle des SBOM à grande échelle, en garantissant la conformité avec les dernières réglementations.

Démo en direct de Sonatype SBOM Manager

Is your organisation prepared for the Cyber Resilience Act? 

Join experts from Schneider Electric and Sonatype as they break down the key components of the Cyber Resilience Act, its implications for businesses, and effective strategies for compliance. 

Gain the insights you need to ensure your organisation meets these new regulatory standards.

Preparing for the Cyber Resilience Act: Insights with Schneider Electric

Rejoignez Hervé Boutemy pour découvrir les fonctionnalités et les avantages de Sonatype Lifecycle, et montrer comment il peut transformer votre approche du développement et de la sécurité des logiciels.

La session couvrira les points suivants
Adapter le cycle de vie de Nexus au profil de risque de votre organisation
L'autonomisation des développeurs dans leurs outils natifs - i.e. déplacer la sécurité à gauche

Démo en direct sur Sonatype Lifecycle

Is your organisation ready for the NIS2 Directive?

Join Ilkka Turunen, Field CTO at Sonatype, and Helen Oakley, Director of Secure Software Supply Chains & Secure Development from SAP who will guide you through the essentials of NIS2 compliance. 

This session you will:

- Gain a clear understanding of the NIS2 Directive, its scope, and key requirements
- Explore how NIS2 will affect your organisation and the broader software industry
- Discover best practices from SAP’s experience
- Takeaway actionable steps to prepare for and achieve NIS2 compliance

NIS2 Compliance Demystified: Insights with SAP and Sonatype

This session will feature a comprehensive panel discussion on the latest regulatory changes and their implications for organisations. 

Jen Ellis, co-host of the Distilling Cyber Policy podcast, will guide the discussion with Alex Botting, EU Engagement Officer at the Center for Cybersecurity Policy and Law and Ilkka Turunen, Field CTO at Sonatype. 

Our expert panel will delve into key regulations such as NIS2, DORA, and the Cyber Resilience Act, providing valuable insights and practical advice.

Exploring the Future of Software Compliance

In this webinar, you will learn how you can enable the transformative concept of shifting security left, create an early warning system of open source risks in your CI/CD pipelines while instilling confidence in the integrity of your digital assets, and propelling your innovation priorities. 

As digital transformation continues its relentless march, software development has emerged as a crucial driver of innovation and differentiation. However, blind spots in the software supply chain, and the inability to spot them and mitigate subsequent threats can compromise your organization's integrity and even pose an existential threat. When the constant pressure of new product releases while ensuring quality and security is added to the mix, it can quickly become a slippery slope for devs and security teams. 

Sonatype Lifecycle provides a robust platform to empower your teams, offering a modern approach to software development - from identifying and mitigating open-source vulnerabilities to enforcing policy compliance at every stage of development - at enterprise scale and DevOps speed.

Sonatype Lifecycle 101: Balance software supply chain security & DevOps agility

We’re excited to invite you to an exclusive webinar featuring a live demo of our NEW SBOM Manager!  Watch the recording to see how SBOM Manager simplifies ingestion, management, monitoring, and compliance.

Learn how SBOM Manager can streamline and automate your auditing, distribution, and monitoring of SBOMs at scale, ensuring compliance with the latest regulations.

DEMO:  Experience SBOM Manager

As Software Bills of Materials (SBOMs) become imperative for technology providers, Sonatype, AWS, and DXC have put together an expert panel to provide a deep dive on the topic, offering a comprehensive view of SBOMs to clarify their purpose, use cases, and significance in advancing software transparency, compliance, and security.

In this webinar, we'll see SBOMs in action through real-world applications and demonstrations. This session will showcase the practical aspects of implementing SBOMs and the tangible benefits they bring to software security and compliance.

SBOMs in Action: Demonstrations

How information security integrates into the work of others is very different than it was ten years ago — we now integrate into the daily work of development, QA, and operations.  But why did this happen? And how does this inform how infosec will likely have to change, as we increasingly add generative AI and machine learning capabilities to our technology value streams?

In this session we'll share what I’ve learned about why functional specialties, such as information security, information security, accessibility, and legal, have worked so hard to “shift left” in order to integrate into everyone’s daily work.  Embark on a journey into the world of organizational transformation, guided by the insights of our guest speaker Gene Kim. Picture this as a conversation about the game-changers who are shaking up the status quo, flipping the script on how teams collaborate and innovate. We'll dive into the stories of these DevOps pioneers, exploring the strategies and out-of-the-box thinking that Gene Kim champions.

Join us for a dynamic exploration of these key takeaways:

- Strategic Insights: Acquire practical and strategic insights inspired by Gene Kim's research
- Cultural Innovation: Explore how to “wire your organization” to cultivate a culture of innovation and collaboration within your organization
- Leadership Essentials: Uncover what leadership must do to steer your team through the evolving landscape of workplace dynamics.

How DevOps Pioneers are Leading the Next Wave of Organizational Change

As Software Bills of Materials (SBOMs) become imperative for technology providers, Sonatype, AWS, and DXC have put together an expert panel to provide a deep dive on the topic, offering a comprehensive view of SBOMs to clarify their purpose, use cases, and significance in advancing software transparency, compliance, and security.

In this webinar we'll explore the fundamentals and best practices of SBOMs with our industry leaders. Learn why SBOMs are crucial in regulated sectors and how to integrate them effectively into your software development processes.

Mastering SBOMs: Best Practices

Data Science is a relatively new field and as such does not share the same level of maturity that is in use software engineering. One area this is evident is in software supply chain management and more broadly in DevOps practices. We discuss the state of data science practices and how tools like Sonatype Nexus can be employed to improve supply chain management though the whole ML development lifecycle.

Securing the Software Supply Chain in the Dynamic Data Science Environments

Tyler Warden, Sonatype Senior VP of Products sits down for a fireside chat with Fred Farber, Enterprise Architect for BMW of North America. They’ll be chatting about BMWs software supply chain management journey including how Fred has established standards to improve and evolve technical, application, information and business architectures of 115 market specific applications, which support the end to end automotive and motorcycle sales functions for BMW, Mini & Rolls Royce brands for the Americas market.

Fireside chat with BMW & Their Software Supply Chain Management Journey

Sonatype sits down with Sebastiaan Rijnbout, Secure Software Development Specialist from Dutch Chamber of Commerce (KVK) to hear how he has helped to increase the maturity of the entire Secure Software Development Lifecycle at KVK. This includes how he’s shifted security left by enabling and educating the development team by implementing a Security Champions Programme.

Getting Dev Teams to Embrace Secure Development

At a time of economic headwinds, the risks don’t go away, even if some of your budget may. This is why it is more critical than ever to focus on mitigating risk, while getting other key stakeholders in your organization to understand threats faced and progress made. At this exclusive, online event, guest speaker, Jeff Pollard, VP, Principal Analyst from Forrester, will share key metrics, benchmarks and learnings from CISOs around the world. Other experts on the call will also share best practices for mitigating application security risk, without compromising developer productivity, featuring the Sonatype platform.. 


At this discussion you will learn ways to:
- Benchmark your organization against peers
- Establish or evolve your metrics to better assess and communicate risk to key stakeholders
- Successfully mitigate against new threats, including open source malware
- Improve collaboration with key functions, such as software engineering, to enable frictionless innovation
- Effectively advocate for budget in economic headwinds

Beyond the Numbers: Practices that Truly Matter for CISOs & AppSec Leaders

Bad actors are increasingly finding new ways to disrupt the software development supply chain. Whether via dependency confusion, typosquatting, or malicious code injections, attacks on the software supply chain increased 633% over the prior year, with the average cost of a data breach being $4.35 million. Worst of all, many organizations believe they can eliminate these attacks by waiting to scan software before it enters staging / production, when in many cases that is too late.

How can development teams protect their pipelines from these attacks without blowing up their toolchain or slowing the pace of innovation required to remain competitive?
Join this webinar to learn about the most common types of supply chain attacks, and how Repository Firewall is not only your first line of defense but is the easiest solution to securing your supply chain and artifact repositories.
 
Learnings:
- Trends and impact of malicious software supply chain attacks
- How DevSecOps can improve security without negatively impacting developer productivity
- See how Repository Firewall can protect your software supply chain and integrate with your existing toolset

Threat Actors Want Access to Your SDLC -- Here's How to Secure Them

Governments around the world are making secure software development an organizational imperative. For instance, proposed regulations like the EU Cyber Resilience Act and the just-released National Cybersecurity Strategy in the United States, are calling for landmark actions to be taken by organizations.

These acts—and more—hold software providers responsible for insecure products released to consumers. If these rollouts aren’t enough of an incentive to get serious about securing your software supply chain, consider the average cost of a data breach is an astounding $4.35 million U.S.

In the context of these evolving regulations, join Sonatype’s CTO Brian Fox, alongside two other industry veterans, to:
• Review key regulations for the U.S., Europe, Australia, and global industries 
• Explore the impact of these global cybersecurity initiatives 
• Delve into the Great Liability Shift  
• And explore how repository firewalls secure against costly supply chain attacks.

Easily Stop Malware, Before Your Company Becomes Liable (and Broke)

Is your organisation prepared for the Digital Operational Resilience Act (DORA)? 

Join SurePay and Sonatype as we take a deep dive into understanding and achieving DORA compliance. This session will cover the key aspects of DORA, its impact on the financial sector, and practical steps to ensure your organisation meets the new regulatory requirements.

In this session you will:

- Gain a clear understanding of the Digital Operational Resilience Act, its objectives, and key requirements.
- How DORA will impact financial institutions and their third-party ICT service providers.
- Discover best practices and actionable steps to prepare for and achieve DORA compliance.

Understanding DORA Compliance: Insights from SurePay and Sonatype

Software

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Understanding DORA Compliance: Insights from SurePay and Sonatype

Presented by

About this talk

More from this channel