Development teams aim to build secure, high-quality software without compromising time to market. That is not an easy undertaking, because modern software consists not only of proprietary code but also of third-party components and tools. Security is of great importance in this equation, but legal compliance and operational risk are additional aspects that must be taken into account when working with open source code. Many tooling solutions can help incorporate all of these considerations; however, with many of the solutions on the market, time isn’t on our side.
Software composition analysis supports your teams’ efforts to automate open source detection and inventory; to set and enforce open source use policies early in the development process (when remediation is least disruptive and costly); to identify open source license, security, and code quality issues across your codebases; and to continuously monitor for and report new vulnerabilities even after applications and containers are deployed. Today, we’ll examine how software composition analysis works and the value it brings to your organization’s software development and deployment processes.
Boris Cipot is a senior security engineer at Synopsys. He helps companies of all types and sizes build secure software. Boris joined Synopsys when Black Duck Software was acquired in 2017. He specializes in open source software security, robotics, and artificial intelligence. He also spent many years in cybersecurity in anti-malware software at F-Secure and Avira.
18:00: Talk: Securing Code Without Negatively Impacting Development Velocity