[Webinars] How to risk rank vulnerabilities, insights from BSIMM10
Learn about five ways to approach risk ranking in vulnerability management, and hear key insights into real-life software security programs from BSIMM10.
5 Ways to Risk Ranking Your Vulnerabilities
Vulnerabilities are an inevitable part of software development and management. Whether they’re in open source or custom code, new vulnerabilities will be discovered as a codebase ages. As stated in the 2019 Open Source Security and Risk Analysis report, 60% of the codebases audited in 2018 contained at least one known vulnerability. As the number of disclosures, patches, and updates grows, security professionals must decide which critical items to address immediately and which items to defer.
Register for this webinar to learn best practices in vulnerability management. You’ll learn:
- Methods for determining which applications are most attractive to attackers and which pose the greatest risk
- Ways to assess the risk associated with a disclosed open source vulnerability
- Strategies to minimize the impact of open source security vulnerabilities when you can’t fix them immediately
What: 5 Ways to Risk Ranking Your Vulnerabilities
When: Available on demand
Who: Nivedita Murthy, security consultant, Synopsys
BSIMM10: A Decade of Software Security Science
The Building Security In Maturity Model (BSIMM) is a data-driven model developed through the analysis of software security initiatives (SSIs), also known as application/product security programs. Register for this webinar to learn what 122 organizations in eight industry verticals are doing to improve their software security efforts. We’ll discuss:
- How organizations are building their software security initiatives
- How DevOps is affecting the way organizations perform software security
- How emerging engineering-driven security cultures are changing approaches to software security
What: BSIMM10: A Decade of Software Security Science
When: Available on demand
Who: Drew Kilbourne, managing director, Synopsys
More from Open Source Security
- Agile, CI/CD, and DevOps
- API security testing
- Application security best practices
- Application security orchestration and correlation
- Application security program strategy and planning
- Application security threat and risk assessment
- Automotive cyber security
- Cloud cyber security
- Container security
- Cybersecurity Research Center
- DevSecOps
- Dynamic application security testing
- Financial cyber security
- Fuzz testing
- Healthcare cyber security
- Interactive application security testing
- Internet of Things cyber security
- Medical devices cyber security
- Mergers and acquisitions due diligence
- Mobile application security
- Penetration testing
- Public sector cyber security
- Security and developer training
- Software compliance quality and standards
- Software composition analysis
- Software Integrity Group’s products and services
- Static application security testing
- Telecommunications and network cyber security
- Threat modeling
- Web application security