Once Upon A Time in Application Security land...A true story of how application security and development came together to fix the risk in open source...

Did you know that today's software applications are predominantly assembled from pre-built "building blocks" otherwise known as open source components? And research shows that 71% of these applications have at least one critical vulnerability (not to mention legal and licensing risks).

While this dependence on third-party and open source components is one of any organization's greatest exposures, the good news is that it is also one of the easiest to tackle.

Published in: Technology

Transcript

  • 1. Once upon a time... There was a great battle between SPEED and SECURITY.
  • 2. Development wanted to GO FAST. But, Security wanted to slow down and BE SAFE.
  • 3. For years... they endured the pain of late testing, false positives... and the added costs of getting the bad stuff out. There HAD to be a better way!
  • 4. And then... there came... THE REVOLUTION! The COMPONENT revolution. Code became like Legos®: applications easily assembled from thousands of freely available parts. Developers ran even FASTER, and Security found it even harder to SECURE.
  • 5. Together, they pondered... "How can we keep SAFE at this even FASTER speed of development?" "How can we SECURE this new Lego® 'software supply chain'?"
  • 6. After much self-reflection... the ANSWER revealed itself: Bring SECURITY and SPEED together by building component intelligence and governance in from the START... using all the tools developers love to use today!
  • 7. And so it was. The birth of a new way to secure the software supply chain... where developers went FAST and applications were SAFE. And this REVOLUTIONARY, yet SIMPLE approach came to be called...
  • 8. A new way to... AUTOMATE and enforce GOVERNANCE in the tools you use today. Policy, security and licensing information guides developers to select the best components in their development environment.
  • 9. A new way to... REMEDIATE RISK early in the process to reduce risk and cost. Optimal components can be selected and application flaws can be remediated with a single click.
  • 10. A new way to... CENTRALIZE POLICIES that ensure license and security risks are managed throughout the software lifecycle. Security, licensing and architecture policies are easily defined and enforced throughout the software lifecycle.
  • 11. A new way to... PRECISELY IDENTIFY and track all components used in your organization, from consumption to production. Accurate and comprehensive component inventory provides visibility across the software lifecycle.
  • 12. A new way to... TRULY ACHIEVE defense-in-depth with enforcement points throughout the software lifecycle. The CLM model for component governance automates policy management and approvals throughout the software lifecycle with enforcement points in the repository, IDE and CI Server.
  • 13. A new way to... PROTECT your production applications with proactive alerts for newly discovered vulnerabilities. Newly discovered threats are continuously reported, ensuring trust from design through production.
  • 14. A new way to... ASSESS ENTERPRISE RISK and support your compliance and regulatory initiatives. Dashboards and reports provide a complete view of global risk, supporting regulatory and compliance initiatives.
  • 15. And so it came to be... the people of the kingdom ushered in a NEW ERA of application security and lived in HARMONY ever more.
  • 16. The end. Revolutionize your approach to software security! Start with a FREE snapshot of your current application vulnerabilities: www.sonatype.com/go-fast-be-secure Or learn more at: www.sonatype.com/clm/product-tour
  • 17. 12501 Prosperity Drive, Suite 350 · Silver Spring, MD 20904 · 1.877.866.2836 · www.sonatype.com
