Learn how vulnerability reports can help you fix critical vulnerabilities effectively, and the essentials of application security for DevOps and CI/CD.
Effective Vulnerability Remediation Requires More Than One Data Point
The Synopsys Cybersecurity Research Center (CyRC) has a dedicated team of security analysts who specialize in sourcing, curating, and analyzing open source software vulnerabilities. Their vulnerability feed contains timely, accurate vulnerability reports (Black Duck Security Advisories, or BDSAs) with all the relevant, actionable information customers need to optimize remediation efforts.
BDSAs provide multiple data points that are important to consider when triaging vulnerabilities. Now, Black Duck customers can use this data to automatically prioritize vulnerabilities for remediation. With Black Duck’s advanced policy management and best-in-class vulnerability reports, developers can focus on fixing the most critical vulnerabilities quickly and effectively.
In this webinar, Chris Fearon, director of research engineering, and Jeff Michael, head of Black Duck product management, will take you through Black Duck’s approach to vulnerability prioritization and explain why informed, focused remediation is the preferred approach to open source security management.
When: Tuesday, June 9 @ 8 a.m. BST
Who: Jeff Michael, Senior Product Manager, Synopsys; Chris Fearon, Director of Research Engineering, Synopsys
Modernizing Your SSI for DevOps and CI/CD
What’s the most pressing issue in software security from the last 20 years? We think it’s how to evolve your software security initiative (SSI) to support a modern DevOps practice and CI/CD pipeline while still meeting your security objectives.
In this talk, Kevin will discuss the key challenges of DevOps and CI/CD and arm you with a simple but effective method to optimize software security efforts. He’ll also highlight the inherent benefits of DevOps and CI/CD for secure software development to ensure nothing is left on the table as your SSI transforms.
Key learning points:
- Defining core CI/CD and DevOps SSI capabilities for your organization
- Dimensions of maturity for SSDL gates in modern life cycles
- Software security culture, DevSecOps, and your SSI
- Key performance indicators and critical SSI telemetry
When: Thursday, June 11 @ 11 a.m. Eastern / 8 a.m. Pacific
Who: Kevin Nassery, Senior Principal Consultant, Synopsys
*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Synopsys Editorial Team. Read the original post at: https://www.synopsys.com/blogs/software-security/webinars-june-8-12/