For a CISO, open source introduces a new source of risk and a unique security challenge: how do you influence developers over whom you have no direct management control? Jennifer Bayuk, former CISO of Bear Stearns, provides insight on best practices for evaluating, deploying and managing open source code.
Using open source code is not necessarily a problem, but not knowing what open source you’re using can be extremely dangerous, particularly when so much open source contains security flaws. In fact, the latest Future of Open Source Survey found that:
- 55 percent of respondents had no formal policy or procedure for open source consumption
- 98 percent were unaware of the open source code they were using
"Application Security in 2016," a complimentary report from Black Duck Software, considers the key application security challenges your organization will face, with a special focus on staying both agile and secure with open source. Download the report today!
The Business Case for Data Protection, conducted by Ponemon Institute and sponsored by Ounce Labs, is the first study to determine what senior executives think about the value proposition of corporate data protection efforts within their organizations. In times of shrinking budgets, it is important for those individuals charged with managing a data protection program to understand how key decision makers in organizations perceive the importance of safeguarding sensitive and confidential information.
CA Live API Creator creates application back-ends exposing enterprise-class REST/JSON APIs, including access to existing data and applications. It enables developers to create new REST endpoints that join data across diverse data sources using role-based security and interactive testing.
The CA Live API Creator Reactive Logic model yields systems that are highly scalable and reliable. Its optimized services run more efficiently and with less fragility than services manually coded by skilled developers and architects.
Published By: CheckMarx
Published Date: Apr 03, 2019
We live in an era of digital transformation. Software is the backbone of this digital transformation. Mobile, cloud, open source, Internet of Things, microservices and AI have made software more complex. Over 80% of the code in today’s software applications is open source. Estimates show that there will be 30 billion connected IoT devices by 2020. Furthermore, 85% of customer interactions will be computer managed by 2020. Software is everywhere. While software has gotten more complex, time-to-market is the new name of the game and enterprises can’t risk security slowing
This webinar explores 12 of the most common security traps in Java by examining the causes of security failures in modern Java–based applications. Approaching security with an “outside in” style, we look at vulnerabilities from a developer’s perspective, focusing on the source code.
Published By: Quick Base
Published Date: Dec 18, 2017
IT leaders are in a tough spot. Business leaders need help improving processes, but IT needs to focus resources on its own mission-critical innovation projects. Over the past 18 months IT backlogs have risen by 29%, resulting in growing tensions between IT and the business. Across industries, IT leaders are increasingly turning to no-code application development to free themselves from the burden of the backlog.
In this 30-minute webinar, Adam Hoover, Solutions Engineer at Quick Base, Inc. will discuss how a no-code application development platform can enable you to drastically reduce your backlog and keep your team focused on the projects that have the greatest impact. He’ll cover how to identify partnership opportunities between the business and IT – and share three effective models for working together while maintaining high quality across the IT ecosystem.
Digital technology is creating change at a pace never seen before. Customers now expect speed, ease, choice and a personalised service. It makes customer experience key to success. And it sets merchants a challenge. To survive, and thrive, businesses need to stay agile in everything they do, including how they manage fraud. As the people who set the strategy that determines if an order is accepted or not, fraud teams have a pivotal role to play in improving customer experience and reducing risk. This makes fraud management more than a back-office utility. It’s a way to differentiate your business and achieve a competitive advantage.
This is the question we put to three specialists from CyberSource – as well as Chris Monk from digital literacy agency Decoded. This report reflects their expert opinion, and explores:
• The changing landscape for businesses.
• The key challenges for fraud teams.
• How to develop an agile fraud solution.
This report is the result of the largest public-private sector research project focused on open source software integrity, originally initiated between Coverity and the U.S. Department of Homeland Security in 2006. The results from the 2010 edition of the Coverity Scan Open Source Integrity Report detail the findings of analyzing more than 61 million lines of open source code from 291 popular and widely-used open source projects such as Android, Linux, Apache, Samba and PHP, among others.
"Agile" software development is an increasingly popular development process for producing software in a flexible and iterative manner that can deliver value to the enterprise faster, reduce project risk and allow adaptation to changes more quickly.
Until now, datacenter improvements have been limited to cost reduction and point solutions. Server consolidation, cloud computing, virtualization and the adoption of flash storage have helped curb server sprawl and the associated staffing and facilities costs. By combining compute, storage and network resources in a single solution, converged systems have proven particularly effective at lowering staffing and operating expenses. These software-defined systems require little human intervention. The code embedded in the software configures the hardware and automates many processes that were once manual, which considerably reduces the risk of human error. Together, these technologies have allowed enterprises to progressively improve their customer engagement and service delivery processes and strategies.
Today, when you make decisions about information technology (IT) security priorities, you must often strike a careful balance between business risk, impact, and likelihood of incidents, and the costs of prevention or cleanup. Historically, the most well-understood variable in this equation was the methods that hackers used to disrupt or invade the system.
GigaOm is seeing a new breed of services that promise to accelerate the mobilization of existing enterprise applications and business processes. Early mobile-application development platforms (MADP) were resource-intensive, requiring custom client code for each supported platform, as well as an on-premise middleware layer to connect mobile clients to enterprise backend systems. In this new model, code-free configuration solutions, aimed at business analysts and lines of business, are revolutionizing the landscape, consolidating tools and services to simplify cross-platform enablement, and dramatically reducing time to deploy and cost.
This report describes mobile-application configuration (MAC) tools, articulates their business value and suggests conditions under which they may be a good choice for an organization.
Today's artificial intelligence (AI) solutions are not sentient in the manner popularized in science fiction by scores of self-aware and typically nefarious androids. Even so, the ability to arm such systems with the ability to directly sense and respond to their in situ environment is critical. Why? In the future, our experiences will be smart, intuitive and informed by analytics that are not seen but felt via new business, personal and operational engagement models. Enabling this interaction requires AI applications that can sense, analyze and respond to their environment in an intelligent and interactive manner, without requiring the end user to write, understand or interpret code.
“Sensitive” artificial intelligence enables:
• More productive use of expanded (big, often unstructured) information sources
• Intuitive man-machine interactions (no code-speak here!)
• Adaptive, immersive experiences and environments
As frequently touted on the nightly news, AI’s popularity is clear. Ho
Discover how to break down IT silos and increase agility for globally and technically diverse teams by using a DevOps approach with an open, unifying platform for z/OS mainframes. Find out how enterprises reduce cost and risk for source code management (SCM) strategy.
Published By: Klocwork
Published Date: May 11, 2011
This white paper examines how the next generation of source code analysis tools are moving high-quality source code analysis to the developer's desktop and performing it at the earliest point in the development cycle - before code check-in. Learn why the developer must be an integral part of the process of identifying, fixing and preventing bugs from reaching the code stream.
In this webinar Black Duck Software (www.blackducksoftware.com), together with representatives of SAP, will review the benefits open source offers to development organizations, the management challenges it presents, and approaches for addressing those challenges.
Published By: Red Hat
Published Date: Jan 06, 2014
Struggling to keep up with increasing application demand? Platform as a Service (PaaS) can streamline application development processes and make resource management easy with auto-scaling and consistent integration. Learn how OpenShift Enterprise can help architects standardize development processes, while letting developers focus on their code.
What if we stopped arguing over which analytics software is best, and decided instead to use them all? With today’s analytics technologies, the conversation about open analytics and commercial analytics is no longer an either/or discussion. You can now combine the benefits of SAS and open source analytics within your organization. Download this e-book to learn how businesses in multiple industries are integrating disparate code and information to deploy models and deliver critical results with analytics.
For years, developers have known that one of the best ways to reassure users is by signing code using a digital signature accessed via a private key issued by a respected certificate authority. But signed code is not invulnerable. Due to lax key security and vetting processes, malware has managed to infiltrate applications with signed code.
Extended Validation (EV) Code Signing Certificates help to halt malware infiltration by requiring a rigorous vetting process and helping ensure that private key security cannot be compromised. EV certificates require a hard token and associated PIN in order to sign code, introducing a more secure physical factor of authentication to the signing process. The EV Code Signing process provides browsers, operating systems, and security software an additional source of confidence in applications signed with an EV certificate.
Read the white paper, Protect Your Applications—and Reputation—with Symantec EV Code Signing, to learn:
• Key background on the latest malware threats
• How you can provide users with reassurance that your application is safe to download
• Why EV Code Signing Certificates represent the next step in advanced website security and their effectiveness
• How you can help provide a frictionless experience when users attempt to download your application
Published By: Microworld
Published Date: Dec 12, 2007
Because its code is open source, Linux is fast becoming popular and is being deployed in ever-increasing numbers on mail servers, corporate networks and desktops. Until recently, systems running Linux were relatively free from viruses and other threats. But with the greater penetration of Linux operating systems, virus authors have begun to target them.
Read this case study to learn how ScienceLogic employs Black Duck to:
- Identify open source throughout their code base
- Determine possible license violations and conflicts
- Know when new threats are reported
DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Our portfolio of live events, online and print publishing, business intelligence and professional development brands are centred on the complexities of technology convergence. Operating in 42 different countries, we have developed a unique global knowledge and networking platform, which is trusted by over 30,000 ICT, engineering and technology professionals.
Data Centre Dynamics Ltd.
102-108 Clifton Street
London EC2A 4HW