Bridging the Gap Between Your Security Defenses and Critical Data (IBM Security)
View on-demand recording: http://securityintelligence.com/events/bridging-the-gap-between-your-security-defenses-and-critical-data/
Many organizations are struggling with the growing gap between the vulnerability of critical data and security defenses. You need visibility at all times to prevent external and internal database breaches. Your organization can't lose sight of the importance of the integrity of your data, including unauthorized changes and suspicious activity.
You will learn how, by combining the industry-leading security intelligence capabilities of IBM QRadar Security Intelligence Platform with the robust data security capabilities of IBM Security Guardium data activity monitor, organizations can gain actionable insights to reduce security risks at all layers and boost compliance across the enterprise.
In this live webinar, Sally Fabian, IBM Data Security Technical Specialist, will discuss:
- Architecture and integration points
- Real-time alerts and reporting
- Vulnerability assessments according to your risk score
- Security intelligence event log collection and analytics
- Actionable insights from security events
Introduction to Software Licensing is a PowerPoint presentation that I made up to raise our company's awareness about the use of proprietary software and the laws involved in it.
Skeletons in the Closet: Securing Inherited Applications (Denim Group)
Many security officers worry less about the security of new applications being built and more about the security of hundreds of applications they inherited. What applications represent the biggest risk? What attributes make them more or less risky? What are the most cost-effective courses of action given budget constraints in today’s business environment? This interactive workshop will help participants understand how to attack this problem and create a risk-based approach to managing the security of an existing application portfolio using tools like the OWASP ASVS model. The session will decompose an example application to determine how to conduct a bottom-up risk profile for future risk comparison against other applications. The audience will also participate in an exercise comparing different applications to better understand the ranking process. The audience will leave with a framework, action plan and basic understanding of the risk-ranking process that they can immediately apply to their work environment.
InDorse Tech Red Herring 100 Presentation Final (Rob Marano)
Winning presentation given at the 2010 Red Herring 100 North America Competition in Coronado, CA, on June 23, 2010 by Rob Marano, CEO & President of InDorse Technologies.
Current challenges in Software License Management - and solutions (Dominic Haigh)
Independent software vendors (ISVs) have to deal with many issues in securely protecting their revenues while meeting customers' demands for convenience and flexibility. For example, Internet-based activation works well for both ISVs and their users, but what about users whose systems have no Internet connection, or whose system crashes, or who need to relocate their license, or who want to regularly renew a subscription license or update a usage-based license?
Perhaps product activation will work for the majority of customers, but how do ISVs support enterprise customers who want floating licensing or activation of licenses from a pool?
Securing a license by locking it to hardware parameters of your user's system is a proven approach for copy protection, but what about virtual systems, where hardware parameters can change for legitimate users?
Perhaps an ISV needs to upgrade from an insecure and cumbersome in-house or obsolete commercial licensing tool - how can they smoothly migrate their products and customers to a modern licensing solution, and minimize the development effort required?
This presentation covers these topics and more, and describes practical solutions with case studies of how ISVs are using them today to securely protect their revenues.
Biztec addresses medium- and large-sized companies with enterprise-wide collaborative planning and management solutions. We also provide consulting services by helping companies recognize opportunities for using technology to streamline their business processes.
Our solutions are classified as:
- Web Applications / Portals
- Cloud Computing
- Windows Applications
- Web Designing
Visit us: www.biztecsolutions.com
Tips and Tricks for Building Secure Mobile Apps (TechWell)
Mobile application development is now a mission-critical component of IT organizations and a big part of the software industry’s landscape. Due to the security threats associated with mobile devices, it is critical we build our apps—from the ground up—to be secure and trustworthy. However, many application developers and testers do not understand how to build and test secure mobile applications. Jeffery Payne discusses the risks associated with mobile platforms/applications and describes proven practices for ensuring the safety of your mobile applications. Jeffery delves into the unique nuances of mobile platforms and how these differences impact the security approach when you are developing and testing mobile applications. Topics include session management, data encryption, securing legacy code, and platform security models. Learn what to watch out for when you start developing your next mobile app and take away tips and tricks for effectively securing and testing existing apps.
Software audit strategies: how often is enough? (Protecode)
With the widespread use of open source software in proprietary software projects, organizations are looking for ways to mitigate licensing, security and quality vulnerabilities related to open source code. These organizations are increasingly deploying software audits which involve scanning a software portfolio to uncover all software packages as well as their associated licensing and copyright obligations, security vulnerabilities and other code attribute information.
Presentation I just finished creating for Denim Group, my client's new vulnerability management platform launch. We've gotten over 10 articles so far and several analyst quotes!
Strategies for Commercial Software Developers Using Open Source Code in Propr... (Mary Lou Wakimura)
Commercial software developers are often drawn to open source code to help deliver a low cost and flexible product that can quickly be brought to market. While there are benefits, there are also risks and pitfalls. With the growth and influence of free software licensing, some have been asserting General Public License (GPL) violations in litigation to attempt to gain an advantage. Please join us as we explore these issues and discuss strategies to protect your product from litigation and to evaluate whether your new product will be strengthened or weakened by the integration of open source software, and in particular the GPL.
Gain insight into:
- Reach of the influential free software license GPL;
- Emerging risk of copyright trolls in open source;
- Risk of Free Software Foundation sponsored litigation in response to GPL violations;
- Contours of what constitutes a derivative work employing Linux code in the context of the GPL; and
- Lessons learned from the Hellwig vs. VMware case.
Legal Issues in Developing in a Hybrid Environment with Open Source Software (Mark Radcliffe)
This slidedeck is the third in a series of presentations on legal issues on open source licensing by Karen Copenhaver of Choate Hall and Mark Radcliffe of DLA Piper. To view the webinars, please go to http://www.blackducksoftware.com/files/legal-webinar-series.html. You may also want to visit my blog which frequently deals with open source legal issues http://lawandlifesiliconvalley.com/blog/
This RVAsec presentation by Black Duck Software's Bill Weinberg explores the role of and requirements for secure development and deployment with open source software.
Software Security for Project Managers: What Do You Need To Know? (Denim Group)
Application-level vulnerabilities have been responsible for a number of very public data breaches and are increasingly a target for a variety of types of attackers. This presentation demonstrates some of the security vulnerabilities that are often introduced during software development projects. It also looks at activities that can help identify these vulnerabilities as well as prevent them from being introduced in the first place. Attendees will take away from the presentation an understanding of software security risks as well as where assurance activities can be included in the project plan to help increase the security of software being developed with a minimum of impact to project schedules and budgets.
Top Strategies to Capture Security Intelligence for Applications (Denim Group)
Security professionals have years of experience logging and tracking network security events to identify unauthorized or malicious activity on a corporate network. Unfortunately, many of today's attacks are focused on the application layer, where the fidelity of logging for security events is less robust. Most application logs are typically used to see errors and failures and the internal state of the system, not events that might be interesting from a security perspective. Security practitioners are concerned with understanding patterns of user behavior and, in the event of an attack, being able to see an entire user’s session. How are application events different from network events? What type of information should security practitioners ensure software developers log for event analysis? What are the types of technologies that enable application-level logging and analysis? In this presentation, John Dickson will discuss what should be present in application logs to help understand threats and attacks, and better guard against them.
Leveraging Open Source Opportunity in the Public Sector Without the Risk (Protecode)
Open source software presents a huge opportunity for public sector organisations in the UK. Adopting open source solutions allows assets to be shared and re-used; freeing organisations from massively expensive, inflexible “lock-in” solutions. To ensure that this potential is realised, it is imperative that organisations adopt a process for managing potential licensing, security and encryption content associated with open source code.
Join us as we share our tips for streamlining the open source adoption and management process and removing uncertainties around third party software vulnerabilities.
There are multiple reasons why open source software (OSS) is a benefit for all organisations, and in particular for the public sector.
All of the organisations represented on this call will be tasked with delivering solutions for specific requirements and at great speed. Why create those solutions from generic platforms, and be dependent on their long release cycles to evolve the solutions, when you can develop just what is needed and then share that with other public sector organisations, who can modify it to suit their requirements? This makes for rapid development and a lack of redundancy.
Ultimately you will be able to control your own destiny and set your own pace for delivering exactly what is needed.
In this Security technology workshop designed specially for senior IT and business line executives, we will show you how to navigate the “valley of death” of the complex sale of enterprise information protection and make or break the business justification with your management board. Through specific Business Threat Modeling(TM) tactical methods we will show you how to discover current data loss violations, quantify threats and valuate your risk in order to select the most cost-effective security technologies to protect your enterprise information.
Similar to Defense Federal Acquisition Regulation Supplement; Open Source Software Public Meeting (20)
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na... (Black Duck by Synopsys)
Anthony Decicco, shareholder, GTC Law Group presented at FLIGHT West 2018. His session description included:
A buyer and investor focused discussion of key open source software-related issues and deal points. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to focus due diligence, speed and smooth negotiations and get better deal terms, increasing overall value and avoiding post-transaction surprises.
For more information, please visit us at www.blackducksoftware.com
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen... (Black Duck by Synopsys)
Basma Shahadat, Lead Research Engineer presented at Black Duck Flight West 2018. Security checking in the early stages of the SDLC is critical. This session will demonstrate how Proofpoint is taking proactive steps to reduce risk by integrating Black Duck into Proofpoint’s continuous integration pipeline to detect open source vulnerabilities during the product build. For more information, please visit us at https://www.blackducksoftware.com/
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an... (Black Duck by Synopsys)
Utsav Sanghani, Product Manager, Integrations and Alliance at Synopsys presented on how to "Black Duck your Code Faster with Black Duck Integrations." For more information, please visit www.blackducksoftware.com
Black Duck On-Demand audits of more than 1,100 commercial applications in 2017 highlight the ongoing challenges organizations face in effectively identifying and securing open source.
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi... (Black Duck by Synopsys)
At Flight Amsterdam, Fenna Douwenga, Associate, Bird & Bird, provided practical tips on open source licenses, intellectual property rights, and trade secrets. During the presentation, Fenna reviewed the everlasting conflict between patents, copyright and open source and how it can be overcome. Additionally, the new European Trade Secrets Directive was discussed, along with how some of its requirements may, for instance, conflict with the GNU General Public License. Furthermore, a quick outline was given of the influence of Brexit on licenses entered into under UK law and how potential problems can be prevented.
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide (Black Duck by Synopsys)
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal (Black Duck by Synopsys)
Flight Amsterdam presentation by Anthony Decicco, Shareholder, GTC Law Group
Open source software is increasingly centric to transactions, whether licensing, mergers, acquisitions, financing, insurance, offerings or loans, and the deal landscape is changing with the prevalence of representation and warranty insurance, heightened focus on security vulnerabilities and increasing litigation. As such, it is important to understand and re-visit key open source software-related issues and deal points to accelerate your deal, avoid unnecessary due diligence and realize the most value from your open source software-related compliance efforts.
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb... (Black Duck by Synopsys)
The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news.
Open Source Insight: GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So... (Black Duck by Synopsys)
A big news week for Synopsys and Black Duck as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cybersecurity news in this week’s Open Source Insight!
2018 is the Open Source Rookies report’s 10th anniversary, brought to you by Black Duck by Synopsys. This infographic shows the impressive number of projects started in 2017 and the distribution across the world and a wide range of categories. Narrowing them down was hard! The open source community continues to produce innovative and influential open source projects.
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut... (Black Duck by Synopsys)
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, an in-depth look at the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI; and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G... (Black Duck by Synopsys)
It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans.
Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious... (Black Duck by Synopsys)
Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f... (Black Duck by Synopsys)
This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber-attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions.
Read on for all the open source security and cybersecurity news you need to know this week.
Open Source Insight: Happy Birthday Open Source and Application Security for ... (Black Duck by Synopsys)
Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk.
Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.
Open Source Insight: Security Breaches and Cryptocurrency Dominating News (Black Duck by Synopsys)
This week in Open Source Insight we examine blockchain security and the cryptocurrency boom. Plus, take an in-depth look at open source software in tech contracts with a legal expert from Tech Contracts Academy, Adobe Flash Player continues to be a security concern, the Open Source Initiative turns 20, and step-by-step instructions for migrating to Docker on Black Duck Hub. Cybersecurity and security breach news also dominates this week, as Synopsys examines security breaches in 2017 and how they were preventable.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Generative AI Deep Dive: Advancing from Proof of Concept to Production (Aggregage)
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf (Paige Cruz)
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
UiPath Test Automation using UiPath Test Suite series, part 6 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
The UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI's advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
- What is generative AI
- Test Automation with generative AI and Open AI
- UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Quick background for context: Black Duck provides products and services that help development organizations gain the benefits of open source while managing the risks. The company has been in business for about 10 years. We are growing at about 35% and now have approximately 150 employees. Headquarters are in Burlington, MA, but we have employees across the US and in Europe and Asia. We’ve done business with about 1000 organizations in 24 countries.
By any measure we lead the market for the types of products and services we offer and certainly have more experience than any company in helping organizations with OSS governance. From this experience we have developed a view on the benefits and risks of using open source components in development.
Gartner Group’s lead analyst on open source, Mark Driver (data in the slide is from November 2010), summarized the benefits and key challenges of using OSS. This position aligns well with Black Duck’s experience: you have to use open source, but there are challenges/risks that require management.
In addition, Driver has commented on the ubiquity of open source: it is unavoidable and should be embraced as part of the normal development process. Mark also made the following predictions:
- By 2016, OSS will be included in mission-critical software portfolios within 99% of Global 2000 enterprises, up from 75% in 2010.
- By 2014, 50% of Global 2000 organizations will experience technology, cost and security challenges through lack of open-source governance.
Given the multi-source style of development and the increasing use of open source, there are fundamental forces that increase the potential of code risks:
- There’s an enormous amount of code out there freely available to anyone with a browser. Some of it is great code, some of it has problems with respect to security vulnerabilities, quality, documentation, support, maintainability, and licensing.
- This wealth of code is highly attractive to developers, but inherently difficult to control, and few companies have anything near the requisite controls in place. Without proper controls in place, decisions about what components end up in software are being made by individual developers.
- Supplier personnel who are making assertions about code content typically don’t know. Software development has changed so much over the last few years that the folks in charge are generally not in touch with what developers are doing. And, even if they are in conceptual touch, without governance in place, they literally can’t know the details of what components are being used where.
There is no way to comprehensively analyze how much of what components are used where out in the wild. However, Black Duck has performed 1000s of audits of code, typically closed-source commercial code, and so we have some sense for the state of the system.
Of the code bases we scan, it is typical that 20% of the code is open source. (We’ve seen as high as 90%.) Often we are doing these code content audits in the context of a company being bought and we are comparing to a declared software Bill of Materials that a company has generated at the request of the buyer. Almost every time we find that the code contains open source components that were unknown to the code owner. And, more than half the time, these components are licensed under licenses that are GPL-style or for which the licensing cannot be determined.
The bottom line is that even companies that make an effort to determine what is in their code are generally unable to do so with any accuracy.
We have certainly seen proprietary code turn up in open source code. In one case, we informed a company that their code matched closely to an open source project and they discovered that a disgruntled employee had stolen their proprietary code and made it available to the world as open source. However, organizations and developers are generally more sensitive to ownership of proprietary code, and therefore proprietary code is less likely to “wander” than is open source. So, it is more common for the issue to be incompatible open source licenses in an open source component or in proprietary code. The Eclipse Foundation, for example, scans and analyzes every piece of code that comes in the door for this reason.
Another risk worth considering is code leaking out into the open source world. There are great self-serving reasons to make contributions back to open source projects, but there need to be controls on what goes out the door.
It’s important to broaden the perspective on risk beyond license/copyright risk. There are plenty of other reasons to want to know what’s in your code, beyond the legal ones. Only by knowing the source of components can you properly assess security, quality and maintainability of code. This is not to say that open source code is inherently problematic along these lines. Arguably, open source code can be better. But there’s plenty of bad open source out there along with the great code.
Open source licenses do not protect contractors against legal or other risks, although contractors may obtain open source code from commercial entities who will provide not only support but also some legal protections. Regarding support and the ability to remediate other risks, contractors are potentially able to address any issues as they have access to source code with open source. More importantly though, if they are selecting popular, broadly used projects, the community may provide better support than any single entity could. And, in terms of future maintainability, a vibrant project may outlast any individual company that is supporting it.
The bottom line is that the best protection for the government is to ensure that they are working with contractors that have a sophisticated understanding of open source and the way it is licensed and developed, and which have governance systems in place that give them visibility and control of code content.
There’s little choice about using open source off the shelf as well as in the form of components in developed code. The benefits are just too great to ignore. However, along with the benefits come risks, not just legal, but also risks with respect to security, quality and future maintainability. Those risks need to be managed and it is imprudent to assume contractors are doing so properly. The key for the DoD is to ensure that their contractors are sufficiently open source savvy to manage the risks.