In this week’s webinars, we’ll talk about binary scanning techniques and challenges, and how to reduce your risk with software supply chain management.
Binary Scanning 101: Pulling Back the Covers on Binaries
Organizations across every industry increasingly rely on open source software to form the foundation of the products and technologies they deliver to the market. So you can assume that the third-party commercial software you depend on from supply chain partners and outsourcers also uses open source as its backbone. The challenge is deciding whether to trust that your vendors are managing potential open source security vulnerabilities proactively or to verify for yourself that the open source embedded in the software you procure remains up to date and secure. The latter, what we refer to as “trust but verify,” requires tools that can look inside compiled binaries to ensure the whole of your application is secure.
Join Lisa Bryngelson, senior product manager at Synopsys, as she pulls back the covers on how Black Duck tackles binary scanning. In this webinar, she’ll discuss:
- Binary scanning basics and best practices
- How binary scanning works
- The different types of binary scanning and identification techniques
- The challenges in detecting specific components or versions
- How developers can make it easier for scanners to produce accurate and precise results
When: Tuesday, July 28 @ 11:30 a.m. Eastern / 8:30 a.m. Pacific
Who: Lisa Bryngelson, Senior Product Manager, Synopsys
Software Is Manufacturing
Modern software is assembled rather than written. Developers usually select third-party open source software components that provide useful chunks of functionality, then write some code to glue everything together into a complete product. Each software component carries its own risk, which means that managing the supply chain of components is crucial to minimizing overall risk.
Software components carry three types of risk. First, known vulnerabilities in a component can be absorbed directly into the product that includes it. Second, component licenses can be incompatible with a product’s license model. Finally, components can present operational risks.
Left unchecked, software supply chain risks can result in consequences that range from irritating to catastrophic. All product development processes should include automated software supply chain management integrated into the development toolchain.
This webinar describes the current landscape of open source adoption and shows how managing the software supply chain results in products that are safer, more secure, and lower risk.
When: Wednesday, July 29 @ 1 p.m. Eastern / 11 a.m. Pacific
Who: Jonathan Knudsen, Technical Marketing Manager, Synopsys
*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Synopsys Editorial Team. Read the original post at: https://www.synopsys.com/blogs/software-security/webinars-july-27-31/