Cybersecurity overview - Open source compliance seminar

•Download as PPTX, PDF•

2 likes•563 views

Follow this presentation to see how an OSS audit and static code analysis can be used to reduce and mitigate the security risks associated with open source software and Internet-based applications. Presented January 2016 at the Open source compliance seminar hosted Brooks Kushman and Rogue Wave Software.

Technology

Cyber Security Overview
Jeff Hildreth
Sr. Account Executive Automotive &
Aerospace/Defense
Jeff.Hildreth@roguewave.com

Agenda
• Why is this a reality in Automotive
• How to mitigate risk
• Augment existing processes to demonstrate security
compliance
2

Cyber Supply Chain Management and TransparencyAct of 2014

6
Requirements
Analysis
System
Design
System Test
Component
Design
Component
Implementation
Component
Test
System
Integration
Item
Definition
Hazard and
Risk Analysis
System
Safety
Concept
System and
Component
Design
Qualitative
Safety
Analyses
Quantitative
System
Analyses
Safety Case
Verification
and
Validation
SECURITY?
ISO 26262

Accept
Sprint 1
Sprint 2
Sprint n Release
Change
Adjust and Track
Feedback
Review
Next Iteration
No!
Yes
!
Release
to Market
Integrate
and Test
Integrate
and Test
Integrate
and Test
Agile Development – Integrated Security
Characteristics
• Multiple testing
points
• Rapid feedback
required
• “Outside” testing
does not meet
agile needs

Application code
3rd party components
Ensure the open source code provider has a strong security plan
APIs and Web Services
Prevent buffer overflows and ensure your code is safe before adding it to your code
Test your
code
Look for flaws
early
Make security
a priority

9© 2015 Rogue Wave Software, Inc. All Rights Reserved.
Common attacks
Organizations have failed to prevent attacks
Lack of time Lack of focus
Lack of
tools/proper
tools
Survey:
1700 developers,
80% of them
incorrectly answered
key questions
surrounding the
protection of sensitive
data
SQL injection
Unvalidated
input
Cross-site
scripting
Most breaches result from input trust issues
Heartbleed:
buffer overrun
BMW patch:
HTTP vs. HTTPS

© 2015 Rogue Wave Software, Inc. All Rights Reserved.
Security is hard but it’s important
10
Agile, continuous integration,
continuous delivery
Understanding processes
Educating teams
Implementing tools
Enforcing compliance
Measuring success
Adopting new standards
Systems integrators vs.
systems builders
Multiple development teams

© 2015 Rogue Wave Software, Inc. All Rights Reserved.
Who owns security?
11
Security is everyone’s
responsibility
Developers
 Focused on making code
functional
 Meeting deadlines
 Developing code faster
 Security is an
afterthought
IT
 Cleaning up the
aftermath of breaches
 Preventing system hacks
 Creating a safe structure
 Security is a priority
Developers
 Focused on making code
functional
 Meeting deadlines
 Developing code faster
 Security is an afterthought
IT
 Cleaning up the
aftermath of breaches
 Preventing system hacks
 Creating a safe structure
 Security is a priority
Tools
 Automate detection of
vulnerabilities
 Fit into existing processes
 Aggregate reports to see
trends

12© 2015 Rogue Wave Software, Inc. All Rights Reserved.
Understanding vulnerabilities
Klocwork
On-the-fly scanning
OpenLogic
Secure open source
“On-the-fly”
Analysis Build Analysis / Test
Organizations need automation and scanning support

Open Source and CVE
The Common Vulnerabilities and Exposures (CVE) system provides a reference-
method for publicly known information-security vulnerabilities and
exposures. MITRE Corporation maintains the system, with funding from
the National Cyber Security Division of the United States Department of Homeland
Security. CVE is used by the Security Content Automation Protocol, and CVE IDs
are listed on MITRE's system as well as the US National Vulnerability Database.
Audit your
code
Review CVE
Monitor &
Remediate

Defect reduction efforts
OWASP, MISRA, ISO 26262
See where and how the defects are being reduced
Chart defects and establish a baseline in order to focus
on priorities
Compliance
of standards
Continuous
reporting &
trending
Agile development team: baseline scanning, triage the critical issues first

QUESTIONS
dave.mclouglin@roguewave.com
15

What's hot

Vapt pci dss methodology ppt v1.0

Network Intelligence India

Automotive safety has been a major concern for manufacturers everywhere and now the threat of automotive hacking looms. Your team may be familiar with safety standards and defensive coding techniques but do you know how to handle security threats at the code level? What can you do next to transform your processes and development strategies? Join automotive experts from Rogue Wave Software for the first in a three-part series on securing your code and solidifying processes to ensure safe, defect-free software. By educating teams and understanding proven techniques, you’ll be able to take the next step towards less risk and more value for your applications. In this first one-hour webinar you'll learn: - Techniques to protect your automotive software systems from risk - Tools that accelerate compliance with security and safety standards - Tips to ensure defects are eliminated as early as possible

The road towards better automotive cybersecurity

Rogue Wave Software

At Security Testing, Web applications are complex and face a massive amount of sophisticated attacks as well as Web applications are a major target of attackers. Security testing is considered an art; the success of a security tester in detecting vulnerabilities hence mainly depends on his skills we use advanced testing techniques, experienced testing specialists and a process driven approach to security testing to ensure we deliver a highly effective security testing service with fewer resources and in a shorter period of time. OWASP TOP 10 dedicated to security analysis has proved their ability to identify complex attacks on web-based or mobile application security. However, the gap between an abstract attack traces output by an OWASP and a penetration test on the real web application is still an open issue. We present here an approach for “What We Can Do” on security testing web applications starting from a secure model.

Security testing-What can we do - Trinh Minh Hien

Ho Chi Minh City Software Testing Club

Security testing

Tabăra de Testare

5 Important Secure Coding Practices

Thomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²

Continuous and Visible Security Testing with BDD-Security

Stephen de Vries

Open Source Security for Newbies - Best Practices

Black Duck by Synopsys

Security Testing for Web Application

Precise Testing Solution

FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...

Black Duck by Synopsys

To ensure critical data can only be accessed by authorized personnel, it is paramount to integrate security best practices during development. It’s equally important to protect deployed systems, especially in CI/CD (continuous integration and deployment) and DevOps environments. Attend this webcast to learn techniques to define, design, develop, test, and maintain secure systems. Particular focus will be paid to software-dependent systems. Topics include: • Identifying and risk-rating common vulnerabilities • Applying practices such as least privilege, input/output sanitation, and system hardening • Implementing test techniques for system components, COTS, and custom software

Develop, Test & Maintain Secure Systems (While Being PCI Compliant)

Security Innovation

Penetration Testing

RomSoft SRL

Presented September 15, 2016 by John Steven, CTO, Cigital; Mike Pittenger, VP Security Strategy, Black Duck Today, open source comprises a critical component of software code in the average application, yet most organizations lack the visibility into and control of the open source they’re using. A 2016 analysis of 200 commercial applications showed that 67% contained known open source vulnerabilities. Whether it’s a SaaS solution you deliver to millions of customers, or an internal application developed for employees, addressing the open source visibility and control challenges is vital to ensuring proper software security. Open source use is ubiquitous worldwide. It powers your mobile phone and your company’s most important cloud application. Securing mission critical applications must evolve to address open source as part of software security, complementing and extending the testing of in-house written code. In this webinar by Cigital and Black Duck security experts, you’ll learn: - The current state of application security management within the Software Development Lifecycle (SDLC) - New security considerations organizations face in testing applications that combine open source and in-house written software. - Steps you can take to automate and manage open source security as part of application development

Managing Open Source in Application Security and Software Development Lifecycle

Black Duck by Synopsys

Application Security Risk Assessment

Thomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²

Extending the 20 critical security controls to gap assessments and security m...

John M. Willis

The CIS Critical Security Controls the International Standard for Defense

EnclaveSecurity

Fujitsu Network Communication (FNC) was historically an closed-source development organization. Today, FNC is not only a consumer of open source in their software development, but also an active open source contributor with the release of Warrior (http://warriorframework.org). In this session, FNC Open Source champion, Karan Marjara will walk through FNC's move toward embracing the open source model as a strategic benefit, and demonstrate how they are leveraging open source with Warrior.

Making the Strategic Shift to Open Source at Fujitsu Network Communication

Black Duck by Synopsys

This secure lifecycle management process (SLCMP said slickum) defines the basic and most realistic way to develop secure software. While the briefing is a bit dated slide 34 is still a very relevant process. What is below the green line is the security dynamic process that happens supporting the basic development process seen above the green line. SLCMP is supported by building a complementary and excellent information risk framework system security plan or IRASSP. SLCMP is operationally deployed.

Secure by design and secure software development

Bill Ross

Join security experts from Rogue Wave Software for the first in a three-part series on ensuring your code and processes are secure. Network intrusion. Information theft. Outside reprogramming of systems. These examples are just a few of the several reasons why software security is becoming increasingly more important to all industries. No system is immune, so it’s more important than ever to understand why secure code matters and how to create safer applications. In this first one-hour webinar you'll learn how to: - Protect your systems from risk - Comply with security standards - Ensure the entire codebase is bulletproof

Create code confidence for better application security

Rogue Wave Software

TSS - App Penetration Testing Services

Ahmad Sharaf

Secure Coding and Threat Modeling

Miriam Celi, CISSP, GISP, MSCS, MBA

What's hot (20)

Vapt pci dss methodology ppt v1.0

The road towards better automotive cybersecurity

Security testing-What can we do - Trinh Minh Hien

Security testing

5 Important Secure Coding Practices

Continuous and Visible Security Testing with BDD-Security

Open Source Security for Newbies - Best Practices

Security Testing for Web Application

FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...

Develop, Test & Maintain Secure Systems (While Being PCI Compliant)

Penetration Testing

Managing Open Source in Application Security and Software Development Lifecycle

Application Security Risk Assessment

Extending the 20 critical security controls to gap assessments and security m...

The CIS Critical Security Controls the International Standard for Defense

Making the Strategic Shift to Open Source at Fujitsu Network Communication

Secure by design and secure software development

Create code confidence for better application security

TSS - App Penetration Testing Services

Secure Coding and Threat Modeling

Similar to Cybersecurity overview - Open source compliance seminar

With many automotive organizations transforming development efforts towards agile methodologies, the need to redefine and establish security, safety, and quality standards and testing methods is more important than ever. How do we fit safety and security planning and tools into the adaptive development and rapid delivery practices of agile teams? In this second one-hour webinar you'll learn how to: - Integrate security and compliance testing with agile development - Provide context for fast triage and remediation - Create policies for code management in integrated testing environments

Navigating agile automotive software development

Rogue Wave Software

Network intrusion. Information theft. Outside reprogramming of systems. These examples are just a few of the several reasons why software security is becoming increasingly more important to all industries. No system is immune, so it’s more important than ever to understand why secure code matters and how to create safer applications. With this presentation you'll learn how to: -Protect your systems from risk -Comply with security standards -Ensure the entire codebase is bulletproof

Create code confidence for better application security

Rogue Wave Software

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare ☁

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare ☁

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare ☁

Software security is best built in. This presentation introduces three essential things to help you design more secure software. In order to have a secure foundation, you can create and select security requirements for your applications using evil user stories and utilizing existing material for example from OWASP. Another useful skill is threat modeling which helps you to assess security already in the design phase. Threat modeling helps you deliver better software, prioritize your preventive security measures, and focus penetration testing to the most risky parts of the system. The presentation covers various methods, such as the STRIDE model, for finding security and privacy threats. You will also learn what kind of security related testing you can do without having any infosec background.

What Every Developer And Tester Should Know About Software Security

Anne Oikarinen

As consumer demands drive vehicle software to new limits, the rapid evolution of embedded software technology brings security and safety software challenges. These challenges are made more difficult because vehicle software continues to increase in size and complexity, elevating the risk of failures. Regardless of the difficulty, safety critical software must be secure and reliable to avoid severely damaging a company’s reputation and competitive advantage. At Rogue Wave, it is our job to help customers ensure their software is secure and reliable. Our source code analysis tools have analyzed billions of lines of code across the mobile device, automotive, consumer electronics, medical technologies, telecom, military and aerospace sectors. Although the automotive industry comes with some unique challenges and requirements to ensure security and compliance, we know how to work in complex environments given our experience with more than 3,000 customers over the last 25 years, including the biggest brands in the automotive industry.

Top 5 best practice for delivering secure in-vehicle software

Rogue Wave Software

Secure SDLC in mobile software development.

Mykhailo Antonishyn

SECURITY TESTING is a type of Software Testing that uncovers vulnerabilities, threats, risks in a software application and prevents malicious attacks from intruders. The purpose of Security Tests is to identify all possible loopholes and weaknesses of the software system which might result in a loss of information, revenue, and repute at the hands of the employees or outsiders of the Organization.

Security Testing.pptx

osandadeshan

Watch this on-demand webast to learn how to acheive security compliance with AlienVault Unified Security Management (USM): https://www.alienvault.com/resource-center/webcasts/how-to-solve-your-top-it-security-reporting-challenges-with-alienvault?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar Learn how you can take your on-premises and cloud security to the next level with a free online demo at: https://www.alienvault.com/products/usm-anywhere/demo?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar

How to Solve Your Top IT Security Reporting Challenges with AlienVault

AlienVault

Applicaiton Security - Building The Audit Program

Michael Davis

王峰人在排队，眼睛不停地越过子允的肩膀扫向那边的周晨晨，几乎是看一眼香港六合彩应付下子允的话，发酸的心很是羡慕子允这只童子(又鸟)，特别奇怪身边的香港六合彩怎开窍了，而且一开窍就迷住了周晨晨的美窍。子允不明其中奥秘，因自己正暗笑着王秀，以为王峰与自己笑的一件事，于是乎笑得更爽。王峰见心情极佳的子允这么配合，自知有愧，不再看，又忍不住，相对减少了频率。周晨晨的侧轮廓可谓中西合璧的精彩，在窗玻璃里和窗玻璃外的两堆人中很是醒目。王峰心不在焉地和子允搭话，心思飘扬，目光也飘扬。周晨晨看那老太太并不是在感伤自己也会变得那般模样，以香港六合彩现在的豆蔻年华绝不会产生三四十岁女人的惆怅。香港六合彩现在只是现在的心思，一种常被青春女孩放大的心思，而这种心思即使香港六合彩到了老太太时期也未必会说出来，所以女人的心思一直是心理学家攻克不破的难题。香港六合彩终于把脸转到室内，想看子允的，却撞见王峰不知冲着谁的笑容。香港六合彩看看东张西望的王秀，知道是对自己，礼貌地回了个笑容。这个笑容好像一炉炼钢水，王峰好像是温度计，那根赤色的水银柱像猫爬树似的从脚底直窜头顶。子允不知王峰为何如此，抱怨麦当劳态度太热情，空调也开得太足。两人端着托盘向座位走时，子允忽然犯难。和王秀一起洗手的周晨晨先回座位坐下，子允犹豫，是不是该跟周晨晨坐一排，这可是千载难逢的好机会，香港六合彩王秀回来看见也不好叫自己离开。子允下定决心，稍微调整脚的角度朝周晨晨旁边的位子走去。香港六合彩站在周晨晨旁边，只觉得心速比麦当劳还辛劳，眼神却固执地问香港六合彩可以坐这吗？周晨晨清澈的眸子闪了一下，嘴角月牙般一翘，看得子允是心花怒放，正要落下屁股，却见身后的王秀正甩着没烘干的手瞪着。子允背脊发冷，悻悻地回到王峰身边，香港六合彩简直悔青了肠子，万分懊悔为什么要回头，为什么要自觉地让开。香港六合彩发誓以后绝不回头，狼就是这样躲在身后咬人脖子的。周晨晨也是失望的模样，碍于女孩的面子没说。香港六合彩希望子允大胆说出来，这样才好顺水推舟让王秀离开。子允没考虑那么多，只在心里骂王秀讨嫌。王峰一改到哪都是中心人物的派头，拘谨得只顾埋头吃汉堡，子允找香港六合彩搭腔，也只象征性点点头，并不进行深层次探究。王峰，你平时不是很活跃吗？现在怎么蔫了？是因为今天的特殊情况有点自卑吧？又是王秀，说时，用下巴指了一下子允。子允赶忙咽下嘴里的可乐，不等王峰继续发愣，王秀，你名字中这个秀字特别好。王秀更来精神，这秀字怎么说都是好的意思，于是丢开王峰等着子允继续。《Y滋味》脱口秀主持人知道吗？你适合去当脱口秀主持人。说着用腿撞王峰的腿，示意香港六合彩一起反戈。王秀不知话里玄机，臭美起来，你这么一说，我倒觉得自己真有这方面天赋呢。所以今天有你在，我都觉得自卑。不过听我外国朋友说，一个三流的女脱口秀主持人，只要会讲话就可以，至于还靠……什么吸引人，就看香港六合彩敢不敢真的作秀了。子允打顿时明显省略了脱的意思，有意思的东西往住会因为含蓄地说出来而更有意思。你……王秀不笨，气红了香港六合彩那按物理学来说很不容易红起来的肥脸。平时很少有谁敢惹香港六合彩

六合彩香港-六合彩

baoyin

When did we forget that old saying, “prevention is the best medicine”, when it comes to cybersecurity? The current focus on mitigating real-time attacks and creating stronger defensive networks has overshadowed the many ways to prevent attacks right at the source – where security management has the biggest impact. Source code is where it all begins and where attack mitigation is the most effective. In this webinar we’ll discuss methods of proactive threat assessment and mitigation that organizations use to advance cybersecurity goals today. From using static analysis to detect vulnerabilities as early as possible, to managing supply chain security through standards compliance, to scanning for and understanding potential risks in open source, these methods shift attack mitigation efforts left to simplify fixes and enable more cost-effective solutions. Webinar recording: http://www.roguewave.com/events/on-demand-webinars/shifting-the-conversation-from-active-interception

Shifting the conversation from active interception to proactive neutralization

Rogue Wave Software

Building an AppSec Team Extended Cut

Mike Spaulding

Mike Spaulding - Building an Application Security Program

centralohioissa

Without treating security as an ongoing process, hackers will find, weaponize, deploy, and attack your infrastructure faster than your team can patch. At the same time, the experience of your IT team working with the security group is frustrating and leads to many, many hours of manual work. Learn how to stay ahead of the bad guys and improve the experience for your team with continuous vulnerability management.

How to Perform Continuous Vulnerability Management

Ivanti

Secure Software Development Lifecycle

1&1

Appsec2013 assurance tagging-robert martin

drewz lin

Succeeding-Marriage-Cybersecurity-DevOps final

rkadayam

Perforce on Tour 2015 - Grab Testing By the Horns and Move

Perforce

Similar to Cybersecurity overview - Open source compliance seminar (20)

Navigating agile automotive software development

Create code confidence for better application security

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

What Every Developer And Tester Should Know About Software Security

Top 5 best practice for delivering secure in-vehicle software

Secure SDLC in mobile software development.

Security Testing.pptx

How to Solve Your Top IT Security Reporting Challenges with AlienVault

Applicaiton Security - Building The Audit Program

六合彩香港-六合彩

Shifting the conversation from active interception to proactive neutralization

Building an AppSec Team Extended Cut

Mike Spaulding - Building an Application Security Program

How to Perform Continuous Vulnerability Management

Secure Software Development Lifecycle

Appsec2013 assurance tagging-robert martin

Succeeding-Marriage-Cybersecurity-DevOps final

Perforce on Tour 2015 - Grab Testing By the Horns and Move

More from Rogue Wave Software

Open Banking is being driven by regulation in Europe, however, it is ultimately about expanding consumer choice in financial services. Open Banking provides opportunities for financial services and FinTech companies as well as consumers. In this webinar, we’ll examine the influence of Open Banking across the globe and the key differences between regulation-led and market-led initiatives. We’ll also explore essential security standards in Open Banking and how they contribute to a secure Open Banking API interface.

The Global Influence of Open Banking, API Security, and an Open Data Perspective

Rogue Wave Software

No liftoff, touchdown, or heartbeat shall miss because of a software failure

Rogue Wave Software

In today’s economy, companies of all kinds are looking to disrupt their own and other industries across everything from banking through logistics and retail. Disruption and innovation are typically built on the back of a digital transformation strategy; disrupting a market is all about finding new ways of servicing customers through innovative channels or approaches. APIs have become the foundation of disruption, innovation, and digital transformation. This presentation will help you understand the necessary components of a well-constructed API strategy, with particular attention paid to security.

Disrupt or be disrupted – Using secure APIs to drive digital transformation

Rogue Wave Software

Presented at APIdays Paris. API security is the principal concern when it comes to establishing a trusted API ecosystem. Rightly so, because opening up business systems through APIs by definition expands the attack surface that can be exploited. Although many threat vectors and vulnerabilities are well known, we have to remain on the lookout for new threats continuously. On the positive side, open standards that help defend against security threats are constantly being created and refined. What is even more helpful are the specifications that aggregate relevant standards into a comprehensive API security profile. Excellent examples of these are the current specifications that support open banking initiatives like UK Open Banking and PSD2. Could these specifications not have a wider applicability? In other words, would we be able to benefit from the security guidelines captured in these specifications in other verticals like logistics, retail, energy, healthcare and government, too? In this talk, we will compare security guidelines covered in the specifications and see to what extent they may benefit the wider enterprise API developer community.

Leveraging open banking specifications for rigorous API security – What’s in...

Rogue Wave Software

Adding layers of security to an API in real-time

Rogue Wave Software

API management plays an important role in many large enterprises as it sets up the foundation for accelerating the integration of applications, databases, and key processes to derive business value from your APIs. How do you know if your organization is getting the most value out of your API management platform? Ian Goldsmith from Rogue Wave for an in-depth discussion of the importance of an enterprise-class API architecture and key considerations to ensure you are getting the most from your API management platform. As well as a case study that demonstrates how one organization uses the Akana API Platform to create a secure, integrated system to mitigate the risks of business on a public cloud network.

Getting the most from your API management platform: A case study

Rogue Wave Software

Presented at Supercomputing 18. Debugging and analyzing today's HPC applications requires a tool with capabilities and features to support the demands of today’s complex HPC applications. Debugging tools must be able to handle the extensive use of C++ templates and the STL, use of many shared libraries, optimized code, code leveraging GPU accelerators and applications constructed with multiple languages. This presentation walks through the different advanced technologies provided by the debugger, TotalView for HPC, and shows how they can be used to easily understand complex code and quickly solve difficult problems. Showcasing TotalView’s new user interface, you will learn how to leverage the amazing technology of reverse debugging to replay how your program ran. You will also see how TotalView provides a unified view across applications that utilize Python and C++, debug CUDA applications, find memory leaks in your HPC codes and other powerful techniques for improving the quality of your code.

Advanced technologies and techniques for debugging HPC applications

Rogue Wave Software

This is a classic example of older technology not being used to its fullest, which Justin proves by walking through little-known configuration and optimization tricks that get data flowing reliably and efficiently – even for today’s complexity and scale. This session covers: A – Camel basics, understanding Exchanges, Routes, and how to implement EIPs with them B – Examples of real implementations of common EIPs like Content Based Routers and Recipient Lists C – Integration of Camel with common endpoints, like JMS, FTP, and HTTP

The forgotten route: Making Apache Camel work for you

Rogue Wave Software

Are open source and embedded software development on a collision course?

Rogue Wave Software

Microservices and APIs might sound like fairy dust you sprinkle on applications to make them “agile,” judging by today’s industry talk. The reality is that they work as the critical foundations for digital transformation only when done right. The goal isn’t simply to build agile apps, it’s for businesses to gain agility and thrive against the onslaught of digital disruption – and this requires going deeper. Organizations must ensure microservices and APIs add value, and also understand how to put the two together. Walk away with a better understanding of microservices and APIs and be better prepared to drive the right solutions for your organization. Watch on-demand webinar at www.roguewave.com

Three big mistakes with APIs and microservices

Rogue Wave Software

Whether starting from greenfield or modernizing existing infrastructure, how do you remove the guesswork in deploying and maintaining cloud-based, business-critical workloads? From architectural decisions to fine-tuning scale and performance, our open source architects explain how top enterprises build and maintain their open source stacks, focusing on operational agility and cost-effectiveness. You will walk away with real use case examples and five ways to better plan and deliver your next cloud strategy.

5 strategies for enterprise cloud infrastructure success

Rogue Wave Software

PSD2-driven Open Banking is here, and with it comes challenges in understanding what it means, choosing which standards organizations to follow, which practices are right for you, and whether to aim for regulatory compliance only or use the regulation as an opportunity to differentiate and transform. From a strategic and technical point of view, compliance dictates that now is the time to chart a precise implementation for your organization – do you know where to begin?

PSD2 & Open Banking: How to go from standards to implementation and compliance

Rogue Wave Software

With the release of Java 10, the impact of Java 9, and the spread of multiple emerging technologies, the biggest questions for high-performing development teams is: How do we keep up and take advantage of the features relevant to us? Java experts, Toomas Romer and Rod Cope, discuss recent changes to the language and how they impact tools, development velocity, and the ability to innovate; along with industry insights to better plan for more complex systems, the inevitable modernization, and adapting to scale.

Java 10 and beyond: Keeping up with the language and planning for the future

Rogue Wave Software

On the path to innovation, development teams fear nothing but try to avoid three things: Re-work, lawyers, and, missing deadlines. In this talk, Rod Cope will discuss what to do when software is not license compliant, to help avoid lawyers getting involved, disrupting schedules and potential architectural or code changes. The initial step in helping make sure teams are in compliance with open source licenses is education. The goal is to provide concrete steps towards development teams adopting a vested interest in paying attention to what open source they download and how it's used.

How to keep developers happy and lawyers calm (Presented at ESC Boston)

Rogue Wave Software

This isn’t your typical case study, this is the reality of open source: One hundred percent of organizations use varying degrees of OSS, yet we still focus on one particular package or layer when it comes to sharing best practices. The reality is, when we get stuck, it’s the configuration and operational interrelationships between packages that matter. This session takes open source support data across multiple organizations to examine three different scenarios that represent the most common issues we see today (in fact, 80% of the cases we see are due to configuration and package interrelationship issues). Justin Reock covers e-commerce, mobile PaaS, and high performance computing examples to illustrate top problems and solutions for stack selection, infrastructure implementation, and production troubleshooting.

Open source applied - Real world use cases (Presented at Open Source 101)

Rogue Wave Software

For users of SourcePro and Tools.h++, the future of Solaris is uncertain, as seen by the recent reductions of the Oracle Solaris team and an increase in inquiries we're receiving on how to migrate applications from Solaris to Linux. Prepare for your future by joining this webinar on how to best plan and execute a successful migration for your SourcePro or Tools.h++ components. Our technical experts walk through: - Options to migrate code that contains Tools 7 or Tools.h++ libraries - Tips and tricks to migrate code to Linux - How to determine whether you can do it yourself - What to tell your service provider Whether you plan to do it yourself or enlist Rogue Wave professional services, at the end of this webinar you will understand the best path for migration.

How to migrate SourcePro apps from Solaris to Linux

Rogue Wave Software

The HPC community is embracing the advantages of mixed-language development environments, presenting challenges for debugging and testing when application execution and data flow cross languages. How can we take advantage of the unique features offered by different languages while minimizing the impact on bug reproduction, root-cause analysis, and solution? This presentation walks through the current mixed-language HPC landscape to describe the problems with testing these types of applications and best-practice solutions using TotalView for HPC. You will learn how these architectures make it easy to “steer” computation between modules of different languages, to accelerate prototyping and development, and how advanced testing techniques provide visibility into the call stack and data for efficient debugging.

Approaches to debugging mixed-language HPC apps

Rogue Wave Software

Red Hat Enterprise Linux (RHEL) is the dominant distribution used by commercial organizations today. But did you know that there's a functionally-compatible alternative that offers options when it comes to licensing, support, and cost effectiveness? Whether you're thinking about moving away from RHEL or have already made the decision, this webinar gives you the background, proof points, and data to justify why moving to CentOS makes sense. At the end of this presentation, you will have all the data you need to consider for an enterprise Linux migration activity and reasons why CentOS is a viable, cost-effective solution.

Enterprise Linux: Justify your migration from Red Hat to CentOS

Rogue Wave Software

Dive deep into an actual enterprise Linux migration by walking through the planning and execution of the process as seen by our customers. Our enterprise architects will break down the key migration steps to explain the available options, decisions made, and demonstrate actions on a live system. This episode gives you a representative migration experience before you actually migrate, illustrating: Side-by-side comparisons between Red Hat Enterprise Linux and CentOS; steps to consider for the operating system; and steps to consider for common application stacks and packages.

Walk through an enterprise Linux migration

Rogue Wave Software

How to keep developers happy and lawyers calm

Rogue Wave Software

More from Rogue Wave Software (20)

The Global Influence of Open Banking, API Security, and an Open Data Perspective

No liftoff, touchdown, or heartbeat shall miss because of a software failure

Disrupt or be disrupted – Using secure APIs to drive digital transformation

Leveraging open banking specifications for rigorous API security – What’s in...

Adding layers of security to an API in real-time

Getting the most from your API management platform: A case study

Advanced technologies and techniques for debugging HPC applications

The forgotten route: Making Apache Camel work for you

Are open source and embedded software development on a collision course?

Three big mistakes with APIs and microservices

5 strategies for enterprise cloud infrastructure success

PSD2 & Open Banking: How to go from standards to implementation and compliance

Java 10 and beyond: Keeping up with the language and planning for the future

How to keep developers happy and lawyers calm (Presented at ESC Boston)

Open source applied - Real world use cases (Presented at Open Source 101)

How to migrate SourcePro apps from Solaris to Linux

Approaches to debugging mixed-language HPC apps

Enterprise Linux: Justify your migration from Red Hat to CentOS

Walk through an enterprise Linux migration

How to keep developers happy and lawyers calm

Recently uploaded

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Real Time Object Detection Using Open CV

Khem

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Recently uploaded (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

MINDCTI Revenue Release Quarter One 2024

Strategies for Landing an Oracle DBA Job as a Fresher

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Real Time Object Detection Using Open CV

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

presentation ICT roal in 21st century education

AWS Community Day CPH - Three problems of Terraform

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

A Year of the Servo Reboot: Where Are We Now?

Axa Assurance Maroc - Insurer Innovation Award 2024

Powerful Google developer tools for immediate impact! (2023-24 C)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Artificial Intelligence: Facts and Myths

2024: Domino Containers - The Next Step. News from the Domino Container commu...

A Domino Admins Adventures (Engage 2024)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Cybersecurity overview - Open source compliance seminar

1. Cyber Security Overview Jeff Hildreth Sr. Account Executive Automotive & Aerospace/Defense Jeff.Hildreth@roguewave.com

2. Agenda • Why is this a reality in Automotive • How to mitigate risk • Augment existing processes to demonstrate security compliance 2

3. Cybersecurity. Why do I care?

5. Cyber Supply Chain Management and TransparencyAct of 2014

6. 6 Requirements Analysis System Design System Test Component Design Component Implementation Component Test System Integration Item Definition Hazard and Risk Analysis System Safety Concept System and Component Design Qualitative Safety Analyses Quantitative System Analyses Safety Case Verification and Validation SECURITY? ISO 26262

7. Accept Sprint 1 Sprint 2 Sprint n Release Change Adjust and Track Feedback Review Next Iteration No! Yes ! Release to Market Integrate and Test Integrate and Test Integrate and Test Agile Development – Integrated Security Characteristics • Multiple testing points • Rapid feedback required • “Outside” testing does not meet agile needs

8. Application code 3rd party components Ensure the open source code provider has a strong security plan APIs and Web Services Prevent buffer overflows and ensure your code is safe before adding it to your code Test your code Look for flaws early Make security a priority

9. 9© 2015 Rogue Wave Software, Inc. All Rights Reserved. Common attacks Organizations have failed to prevent attacks Lack of time Lack of focus Lack of tools/proper tools Survey: 1700 developers, 80% of them incorrectly answered key questions surrounding the protection of sensitive data SQL injection Unvalidated input Cross-site scripting Most breaches result from input trust issues Heartbleed: buffer overrun BMW patch: HTTP vs. HTTPS

10. © 2015 Rogue Wave Software, Inc. All Rights Reserved. Security is hard but it’s important 10 Agile, continuous integration, continuous delivery Understanding processes Educating teams Implementing tools Enforcing compliance Measuring success Adopting new standards Systems integrators vs. systems builders Multiple development teams

11. © 2015 Rogue Wave Software, Inc. All Rights Reserved. Who owns security? 11 Security is everyone’s responsibility Developers  Focused on making code functional  Meeting deadlines  Developing code faster  Security is an afterthought IT  Cleaning up the aftermath of breaches  Preventing system hacks  Creating a safe structure  Security is a priority Developers  Focused on making code functional  Meeting deadlines  Developing code faster  Security is an afterthought IT  Cleaning up the aftermath of breaches  Preventing system hacks  Creating a safe structure  Security is a priority Tools  Automate detection of vulnerabilities  Fit into existing processes  Aggregate reports to see trends

12. 12© 2015 Rogue Wave Software, Inc. All Rights Reserved. Understanding vulnerabilities Klocwork On-the-fly scanning OpenLogic Secure open source “On-the-fly” Analysis Build Analysis / Test Organizations need automation and scanning support

13. Open Source and CVE The Common Vulnerabilities and Exposures (CVE) system provides a reference- method for publicly known information-security vulnerabilities and exposures. MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. CVE is used by the Security Content Automation Protocol, and CVE IDs are listed on MITRE's system as well as the US National Vulnerability Database. Audit your code Review CVE Monitor & Remediate

14. Defect reduction efforts OWASP, MISRA, ISO 26262 See where and how the defects are being reduced Chart defects and establish a baseline in order to focus on priorities Compliance of standards Continuous reporting & trending Agile development team: baseline scanning, triage the critical issues first

15. QUESTIONS dave.mclouglin@roguewave.com 15

Cybersecurity overview - Open source compliance seminar

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Cybersecurity overview - Open source compliance seminar

Similar to Cybersecurity overview - Open source compliance seminar (20)

More from Rogue Wave Software

More from Rogue Wave Software (20)

Recently uploaded

Recently uploaded (20)

Cybersecurity overview - Open source compliance seminar