Posted by Fred Bals on November 5, 2018
Today’s software contains on average more than 50% open source. That’s why organizations with foresight are including software composition analysis in their security plans. FLIGHT East 2018 was full of tips, techniques, applications, and solutions for open source security. Here are some of the presentations.
Today’s software contains significant amounts of open source, on average more than 50%, according to a 2018 Synopsys study. That’s why organizations with foresight are including software composition analysis best practices and solutions in their security plans to protect their applications from open source risks.
In late September, experts from Black Duck, Synopsys, and leading organizations from around the world gathered at FLIGHT East 2018 for three days of technical and educational discussions focused on open source security and open source license compliance.
Were you lucky enough to attend this year’s FLIGHT East? If so, you heard about tips, techniques, applications, and solutions to deliver secure, high-quality software at the speed of DevOps. But if you couldn’t attend FLIGHT East 2018, here’s the next best thing: Many of the presentations are now online.
Learn how DocuSign implements Black Duck in continuous development pipelines—including API integrations, data visualization, and the automatic generation of compliance evidence using DocuSign envelopes—in Black Duck at DocuSign.
Adam Kessel (litigation principal, Fish & Richardson) discusses issues that arise at the intersection of patent protection and open source licensing in his presentation Patents and Open Source: Known and Unknown Risks. Many companies wonder whether it’s still worth pursuing patents on technology they’ve released under open source licenses. Others are concerned that using, contributing to, or distributing open source software will compromise their patent strategy. This presentation covers business and legal strategies for answering both sorts of questions. Adam also looks at existing case law guidance on these risks.
Continuous integration is a development practice where developers integrate code into a shared repository several times a day. Dr. Robert Burnett (director of software engineering, L-3 Communications) examines why continuous integration is a fundamental change in thinking about software development, basic steps to get on the continuous integration path, team responsibilities, and a checklist for success in Continuous Integration—An Overview.
Timehop, an app developer, experienced a network intrusion that led to a breach of customer data. In Handling a Data Breach Under GDPR, Timehop representatives cover:
The universal first step for open source security is performing an audit of a codebase. But what do you do once you have the audit report? In You’ve Got Your Open Source Audit Report, Now What?, top open source legal experts Anthony Decicco (shareholder, GTC Law Group & Affiliates) and Leon Schwartz (associate, GTC Law Group & Affiliates) team up to explain. They discuss best practices and steps you should be taking today for managing open source software in your organization and before and during transactions. Topics covered include the following:
In their presentation Data Breaches and the Law, Georgie Collins and Dan Hedley (Irwin Mitchell, LLP) examine where GDPR, open source software management, and the law intersect. Topics include:
When it comes to adopting containers in the enterprise, security is the highest adoption barrier. Is your organization ready to address the security risks with containers for your DevOps environment? In A DevOps State of Mind, you’ll learn about: