
Webinar: "Software: the winning strategy lies in quality"

With more and more security breaches occurring every week, it is vitally important that security and DevOps work together to integrate and simplify delivery, balancing speed and security without compromise. Implement your DevOps strategy without giving up software security and quality.

Published in: Software

Webinar: "Software: the winning strategy lies in quality"

  1. Emerasoft srl • Mission • Vision • Solutions. Monica Burzio – Emerasoft, Ugo Ciracì – Emerasoft, Steve Millard - Sonatype. Emerasoft Srl
  2. Founded: 2005. Where we are: Via Po, 1 – Torino; Piazzale Luigi Sturzo, 15 - Roma. “Our commitment lies in the constant search for the best solution for the customer, ensuring excellence in the quality of the services and products offered. Our promise is to do our work with consistency and passion.” Emerasoft Srl
  3. DevOps IoT Testing ALM SOA Business Intelligence Security University ALM+PLM standard compliance BRMS User Experience SS4B Enterprise Mobility agile IoD BPM OpenSource API Usability Compliance Management ITSM Solutions
  4. DevOps IoT Testing ALM SOA Business Intelligence Security University ALM+PLM standard compliance BRMS User Experience SS4B Enterprise Mobility agile IoD BPM OpenSource API Usability Compliance Management ITSM Solutions
  5. Agenda. Webinar: “Software: the winning strategy lies in quality” APRIL • The software supply chain • DevOps and security: the current landscape • Sonatype Nexus for quality software • Q&A. Today's webinar: Ugo Ciracì, DevOps Specialist @Emerasoft. NOVEMBER 8. Steve Millard, International Partner Business Manager @Sonatype
  6. 2017 State of the Software Supply Chain
  7. Say Hello to Your Software Supply Chain… State of the Software Supply Chain
  8. 1,096 new projects per day 10,000 new versions per day 14x releases per year • 3M npm components • 2M Java components • 900K NuGet components • 870K PyPI components State of the Software Supply Chain
  9. 59 52 State of the Software Supply Chain
  10. 80% to 90% of modern apps consist of assembled components. State of the Software Supply Chain
  11. State of the Software Supply Chain
  12. 80% to 90% of modern operations consist of assembled containers. Containers Hand-built applications and infrastructure State of the Software Supply Chain
  13. NOT ALL PARTS ARE CREATED EQUAL State of the Software Supply Chain
  14. 233 days Mean TTR 119 days Median TTR 122,802 components with known vulnerabilities 19,445 15.8% fixed the vulnerability TIME TO REPAIR OSS COMPONENTS State of the Software Supply Chain
  15. zero days mean time to repair CVE ID: CVE-2017-5638 March 7 Apache fixed the vulnerability March 7 APACHE STRUTS2 MEAN TIME TO REPAIR State of the Software Supply Chain
  16. @weekstweets State of the Software Supply Chain
  17. 6-IN-10 HAVE OPEN SOURCE POLICIES State of the Software Supply Chain
  18. 125,701 Java component downloads annually 7,428 5.8% with known vulnerabilities 7,500 ORGANIZATIONS ANALYZED State of the Software Supply Chain
  19. DEFECT PERCENTAGES FOR JAVASCRIPT State of the Software Supply Chain
  20. The Equifax case. Timeline (Mar to Sept; phases: Probing, Hack, Crisis Management): March 7: Apache Struts releases updated version to thwart vulnerability CVE-2017-5638. March 10: Large Scale Exploit; Equifax applications breached through Struts2 vulnerability. 5 Month Opportunity to Take Corrective Action. July 29: Breach is discovered by Equifax. Sept 7: A new RCE vulnerability is announced and fixed, CVE-2017-9805.
  21. TIME TO RESPOND BEFORE EXPLOIT. Source: Adapted from IBM X-Force / Analysis by Gartner Research (September 2016). [Chart: Average Days to Exploit (axis 0 to 50) by Year of Date Reported (2006 to 2015); labels: Average 45, 15, 2017.] The Equifax case
  22. 9 years later, vulnerable versions of Bouncy Castle were downloaded… 11M CVE-2007-6721 CVSS Base Score: 10.0 HIGH Exploitability Subscore: 10.0 23M 2007 2016 BOUNCY CASTLE Bouncy Castle
  23. 18,330,958 78% downloads were vulnerable COMMONS COLLECTION CWE-502 23,476,966 total downloads in 2016 Software Supply Chain
  24. Trusted Partially Trusted Untrusted Reliably sourced without any digital risk accessing Some attributes of trust but no confirmation No demonstrable proof of trust Level of trust Burden to verify and level of risk Source: Gartner, May 2017 HOW OLOGY AND PRESS HELP? Software Supply Chain
  25. Trusted Partially Trusted Untrusted Reliably sourced without any digital risk accessing Some attributes of trust but no confirmation No demonstrable proof of trust Level of trust Burden to verify and level of risk Source: Gartner, May 2017 HOW OLOGY AND PRESS HELP? Software Supply Chain
  26. TRUSTED SOFTWARE SUPPLY CHAINS Software Supply Chain
  27. THE REWARDS ARE IMPRESSIVE 90% improvement in time to deploy 34,000 hours saved in 90 days 48% increase in application quality Software Supply Chain
  28. Businesses decide where and how to invest in cybersecurity based on a cost-benefit assessment but they are ultimately liable for the security of their data and systems. U.K.’s National Cyber Security Strategy 2016 - 2021
  29. 1. You are using more open source than you think 2. There are good parts and bad components 3. You are responsible for your component choices 4. The new normal for getting business requirements into production is 3 days 5. It’s time to have the conversation internally Five Takeaways
  30. Content available on: Emerasoft SlideShare channel, Emerasoft YouTube channel. Visit our website emerasoft.com. Contact us: sales@emerasoft.com Emerasoft Srl
  31. Follow our channels… www.emerasoft.com sales@emerasoft.com Emerasoft Srl via Po, 1 – 10124 Torino Piazzale Luigi Sturzo, 15 - 00144 Roma T +39 011 0120370 T +39 06 87811323 F +39 011 3710371 Thank you… Contacts
