Watch webinars about application security, DevSecOps, open source license compliance and audit
Attacks on software supply chains have greatly accelerated the rate at which organizations are now embracing DevSecOps best practices to secure both legacy monolithic and emerging cloud-native applications. Adopting a DevSecOps approach can help maintain the speed of application development and deployment while ensuring the security and stability of applications. But the range of technologies...
The banking industry lives and dies by being fast, accurate, and completely dependable. It’s critical that you can detect, identify, and remediate software vulnerabilities as fast as possible, to reinforce application security most effectively. This is particularly vital with open source software that is increasingly prevalent in your sector, where its use continues to grow...
As a foundational element of the online world, applications are a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To adapt and defend against our constantly evolving threat landscape, organizations need to build a modern AppSec strategy based on today’s digital world. Join Jeffrey Martin, VP of Outbound Product...
While software composition analysis (SCA) has been around for years, today’s analysts are enhancing their recommendation for enterprise development teams to use the technology. One example: at the recent Gartner Security and Risk Management Summit, Gartner analyst Dale Gardner said: “Managing open-source software is the easiest and most impactful thing you can do to improve...
Join our webinar to discover how you can use just one interface to find and fix open source and proprietary code security issues, and how to reduce the time it takes to fix issues, so no time is wasted researching.
In today’s digital world, open-source software is vital to modern application development. And as we know, what’s important to the business world is important to threat actors. But how can companies successfully combat the rising tide of vulnerabilities? Join experts from WhiteSource and Microsoft as they discuss the value of blending proactive practices to code...
Risks from application vulnerabilities have multiplied as more applications get developed. To address this issue, Static Application Security Testing (SAST) identifies security vulnerabilities in the custom code written by application developers. Simultaneously, Software Composition Analysis (SCA) safeguards the open-source components that comprise between 60% and 80% of the codebase in modern applications. Join Susan St.Clair,...
How prepared was your firm to handle the Log4j vulnerability that was announced in December 2021? The best firms were prepared and loaded for bear, and they completely mitigated and remediated their risk within hours of the announcement. What can you learn from their approach and how can you prepare for the next inevitable widespread...
Learn how the most popular JavaScript package manager, npm, is being used by malicious actors to launch attacks, run botnets and steal credentials and cryptocurrency. Attend this webinar to: Gain insight into the 1,300 malicious npm packages found by WhiteSource Diffend Learn how threat actors are using npms to launch attacks—and how to stop them...
Historically, if organizations wanted to automate and enforce application security testing, the best place to do that was within CI/CD pipelines. As time went on, we realized that while pipeline scanning has its place in securing applications, it doesn’t scale as more and more plugins are needed and with that, the task of managing them...
Join us to learn about typical time frames for NPM vulnerability detection and how to find the quickest and least painful path to remediation.
The announcement of Log4j vulnerability sent security and development teams into a tailspin — not once, but multiple times. Throughout it all, WhiteSource has been providing tools for discovery and automated remediation, and working closely with our customers. Join our experts to learn what has been going on, such as: What percentage of organizations were...
As Kubernetes adoption grows, its attack surface expands with it, allowing bad actors to find and exploit vulnerabilities in the cloud-native stack. In addition, the complexity of Kubernetes and the lack of proper security controls make the attacks targeting Kubernetes clusters and containers hosted in them a real risk for organizations. With the threat landscape...
When the zero-day vulnerability in Log4j was reported, most organizations immediately sprung into action. But anyone who’s dealt with a vulnerability this critical and ubiquitous in an enterprise organization knows it’s not an easy task. Even with the right tools and policies, mitigating this type of threat is always a challenge. In this webinar, our...
Research shows that open source supply chain attacks are now the #2 most common attack vector. The breach of SolarWinds showed just how devastating a software supply chain attack can be. Protecting the software supply chain is a complex challenge that includes code signing, identity and access management, policy and software composition analysis (SCA).
When you ask developers their thoughts on security, they’ll likely tell you security is slowing them down and getting in the way of their ‘actual’ job. But it doesn’t have to be that way; with the right tools and processes in place, the friction between developers and security teams can be reduced, if not eliminated...
With each passing year, open source software use increases. But this trend does not come without a price. Modern software’s heavy reliance on open source components created space for exploitation by malicious actors. New threats are challenging to detect and to protect against. This session should arm you with knowledge about the risks and practical...
As organizations struggle to keep the application layer secure, more security tasks are added to developers’ already heavy workloads. The result: alert fatigue, friction between security and development teams and, ultimately, higher risk as security debt continues to grow. Clearly, requiring developers to become instant security experts is not a viable option. What are the...
The sharp increase in attacks on organizations’ software supply chains requires policy makers to address supply chain risks with a more structured approach. President Biden’s Cybersecurity Executive Order #14028 and NTIA’s Software Component Transparency initiative aim to strengthen supply chain security through advanced visibility over organizations’ software bill of materials (SBOM). It’s crucial to formulate...
Over the past years, attacks on the application layer have become more and more common. Recent research reports on reducing enterprise AppSec risks have found that the highest level of security risk is considered by many to be in the application layer. Applications remain a top cause of external breaches, and the prevalence of open...
As organizations AppSec tools and practices shift left in the DevOps pipeline, development teams are required to assume responsibility for security tasks. While this is an important step toward achieving DevSecOps maturity, integrating application security testing tools risks burying developers under a seemingly never-ending list of security alerts. How can organizations make sure that development...
In this webinar, SonarSource and WhiteSource share how empowering developers with the right tools positively impacts application security.
Open source adoption is increasing rapidly within the financial services industry. Thanks to cutting edge technologies, affordability, flexibility, and the power of the open source community – more and more financial institutions are encouraged to integrate open source components into their investment and more data processing systems. Meanwhile, the industry’s growing list of compliance initiatives...
O volume de ataques maliciosos a sistemas continua aumentando ano após ano, com um número cada vez maior de hackers aproveitando o uso crescente do código aberto durante o desenvolvimento de software para distribuir pacotes maliciosos e explorar vulnerabilidades novas ou já conhecidas. Inscreva-se neste webinário onde vamos tratar de soluções para ajudar no desafio...
With the growing adoption of SCA, a technology that provides both developer-focused tools and governance solutions, more companies place developers, IT, security, and legal on the same page. This is the case of global cloud communications provider Vonage, which needed a SCA solution that could integrate both open source security and license compliance checks automatically...
Achieving Automated Open Source Security with DevSecOps DevSecOps sets out to relieve the costly and stressful delays that can occur when security testing is performed late in the game, by setting up processes and tools for “shifting left” so security testing can happen early and often. As organizations continue to embrace this DevSecOps approach, testing...
Should a modern security strategy be based on the assumptions that source code will never be leaked, or that “internal” networks will never be breached? Join AWS, HackerOne and WhiteSource’s upcoming virtual roundtable discussion where our industry experts will discuss how the importance of security threats have changed as companies and products shift to a...
The days when financial institutions were hesitant to adopt open source software are over. Today, even the largest firms and banks in the financial sector have realized the massive benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. Join our live panel discussion led by industry leaders from Wells...
In this webinar, we will suggest a simple framework to the open source vulnerability management challenge and few ways to secure your software supply chain and reduce potential risk.
It’s no secret that 2020 was a difficult year. The pandemic and as a result, the lockdowns and quarantines sent tens of millions of global workers home, and the remote work caused a dramatic increase in the number of ransomware, phishing attacks, and accidental breaches by employees working at home. Despite the increases in these...
OpenChain ISO/IEC 5230 is the International Standard for open source license compliance. Its relevance to modern software development is growing and it allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. The need to manage the software supply chain has never been more important given the ever-increasing dependence on third party...
The growing scale of Open Source adoption requires organizations to invest in implementing the right tool sets and processes to govern an increasingly complex Open Source licensing landscape, as well as minimize the potential legal risks. The application of these policies and processes can be collectively referred to as an Open Source Governance framework. Investing...
WhiteSource, in conjunction with Ponemon Institute, recently surveyed over 600 IT and IT security practitioners who are familiar with their organizations’ approach to securing applications – and here’s a spoiler: the highest level of security risk is considered by many organizations to be in the application layer. So what can Enterprise organizations do to reduce...
When you ask developers what they think of security, they will likely go into the situation without much enthusiasm as in their mind – security is slowing them down and holding them back from doing their “actual” job. But – it doesn’t necessarily have to be that way. The friction between developers and security teams...
As part of their journey to Digital Transformation, Oil & Gas enterprises are shifting their focus on becoming agile through DevOps in order to provide efficiency and productivity. Because there is no single standard DevOps methodology, many companies are finding it challenging to manage security requirements, which contributes to a slow start, slow delivery, and...
The software world is alive with talk of shifting left – but what does it really mean? Theoretically, it means shifting responsibility for security & compliance to developers. In practice, it largely means enriching CI/CD processes to detect problematic licenses & vulnerabilities before they reach the main branch or production. Shiri Arad Ivtsan, Director of Product Management at WhiteSource will discuss...