SlideShare a Scribd company logo

Software compliance

Download as PPTX, PDF
S Periyakaruppan CISM,ISO31000,C-EH,ITILF
S Periyakaruppan CISM,ISO31000,C-EH,ITILF
1 of 10
Software Compliance An overview
Contents • Software Compliance • 3 Major factors • Internet piracy • Soft lifting • Counterfeiting • Do’s • Don’ts
Fake copies of licensed softwares.
Experts Blogs Free development tools Open Source softwares P2P file hosting Open proxies Search Engines
I am looking for a latest version of MS OS ..!!
Leave un-noticed open source/trial software in your system Open source or trial version of softwares left un-installed for a long time leads to “Non-Compliance”
Do’s • Use open source software for development purpose • Use least privilege to execute software. • Use licensed software for production. • Document the usage of licensed software products. • Use open source software with due attention of non- commercial use • Use limited software copies in asset for the purpose of business. • Keep your system secure – Check latest updated AV
Don’ts • Download softwares from internet • Download open source software • Installing multiple copies of software • Use trial/freeware/shareware in production • Download software from blogs • Use development edition for commercial purpose • Accessing malicious websites hosted open source software

Recommended

So Your Company Hired A Pentester
So Your Company Hired A PentesterSo Your Company Hired A Pentester
So Your Company Hired A PentesterNorthBayWeb
 
Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Nagaraju Repala
 
Node.js Module: I Choose You!
Node.js Module: I Choose You!Node.js Module: I Choose You!
Node.js Module: I Choose You!Bethany Nicolle Griggs
 
Legal and practical concerns with open source software
Legal and practical concerns with open source softwareLegal and practical concerns with open source software
Legal and practical concerns with open source softwareRogue Wave Software
 
Integrating Black Duck into Your Environment with Hub APIs
Integrating Black Duck into Your Environment with Hub APIsIntegrating Black Duck into Your Environment with Hub APIs
Integrating Black Duck into Your Environment with Hub APIsBlack Duck by Synopsys
 
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?Sonatype
 
Performing an audit - Open source compliance seminar
Performing an audit - Open source compliance seminar Performing an audit - Open source compliance seminar
Performing an audit - Open source compliance seminar Rogue Wave Software
 
What the fuzz
What the fuzzWhat the fuzz
What the fuzzChristopher Frenz
 

Recommended

So Your Company Hired A Pentester
So Your Company Hired A PentesterSo Your Company Hired A Pentester
So Your Company Hired A PentesterNorthBayWeb
 
Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Nagaraju Repala
 
Node.js Module: I Choose You!
Node.js Module: I Choose You!Node.js Module: I Choose You!
Node.js Module: I Choose You!Bethany Nicolle Griggs
 
Legal and practical concerns with open source software
Legal and practical concerns with open source softwareLegal and practical concerns with open source software
Legal and practical concerns with open source softwareRogue Wave Software
 
Integrating Black Duck into Your Environment with Hub APIs
Integrating Black Duck into Your Environment with Hub APIsIntegrating Black Duck into Your Environment with Hub APIs
Integrating Black Duck into Your Environment with Hub APIsBlack Duck by Synopsys
 
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?Sonatype
 
Performing an audit - Open source compliance seminar
Performing an audit - Open source compliance seminar Performing an audit - Open source compliance seminar
Performing an audit - Open source compliance seminar Rogue Wave Software
 
What the fuzz
What the fuzzWhat the fuzz
What the fuzzChristopher Frenz
 
Securing Docker Containers
Securing Docker ContainersSecuring Docker Containers
Securing Docker ContainersBlack Duck by Synopsys
 
Open source software
Open source softwareOpen source software
Open source softwareAmruhtha Viswanathan
 
Automated tools for penetration testing
Automated tools for penetration testingAutomated tools for penetration testing
Automated tools for penetration testingdevanshdubey7
 
Building a high quality+ products with SCA
Building a high quality+ products with SCABuilding a high quality+ products with SCA
Building a high quality+ products with SCASuman Sourav
 
CNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
CNIT 129S: Ch 12: Attacking Users: Cross-Site ScriptingCNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
CNIT 129S: Ch 12: Attacking Users: Cross-Site ScriptingSam Bowne
 
(In)security in Open Source
(In)security in Open Source(In)security in Open Source
(In)security in Open SourceShane Coughlan
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactTom Eston
 
Parts of Computer (software)
Parts of Computer (software)Parts of Computer (software)
Parts of Computer (software)Mac Mac
 
Rapid software testing and conformance with static code analysis
Rapid software testing and conformance with static code analysisRapid software testing and conformance with static code analysis
Rapid software testing and conformance with static code analysisRogue Wave Software
 
nFront Password Filter Overview
nFront Password Filter OverviewnFront Password Filter Overview
nFront Password Filter OverviewnFront Security
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014Anant Shrivastava
 
Is Your Mobile App Secure?
Is Your Mobile App Secure?Is Your Mobile App Secure?
Is Your Mobile App Secure?Sam Bowne
 
Test parallelization using Jenkins
Test parallelization using JenkinsTest parallelization using Jenkins
Test parallelization using JenkinsRogue Wave Software
 
You installed what Thierry Sans
You installed what Thierry SansYou installed what Thierry Sans
You installed what Thierry SansOWASP-Qatar Chapter
 
Legal and Practical Concerns with Software Development
Legal and Practical Concerns with Software DevelopmentLegal and Practical Concerns with Software Development
Legal and Practical Concerns with Software DevelopmentRogue Wave Software
 
Building & Leveraging White Database for Antivirus Testing
Building & Leveraging White Database for Antivirus TestingBuilding & Leveraging White Database for Antivirus Testing
Building & Leveraging White Database for Antivirus Testingfrisksoftware
 
CIA Hacking Organization in the Nutshell
CIA Hacking Organization in the NutshellCIA Hacking Organization in the Nutshell
CIA Hacking Organization in the NutshellNazar Tymoshyk, CEH, Ph.D.
 
Be Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingBe Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingAmit Shirolkar
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurationsMegha Sahu
 
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi DouglenDevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi DouglenDevSecCon
 
Introduction To Computing.pptx
Introduction To Computing.pptxIntroduction To Computing.pptx
Introduction To Computing.pptxMARIVICJOYCLAMUCHA1
 
Open Source Software
Open Source SoftwareOpen Source Software
Open Source SoftwareAndrew Nolen, MCJ/FP, CDCA
 

More Related Content

What's hot

Automated tools for penetration testing
Automated tools for penetration testingAutomated tools for penetration testing
Automated tools for penetration testingdevanshdubey7
 
Building a high quality+ products with SCA
Building a high quality+ products with SCABuilding a high quality+ products with SCA
Building a high quality+ products with SCASuman Sourav
 
CNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
CNIT 129S: Ch 12: Attacking Users: Cross-Site ScriptingCNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
CNIT 129S: Ch 12: Attacking Users: Cross-Site ScriptingSam Bowne
 
(In)security in Open Source
(In)security in Open Source(In)security in Open Source
(In)security in Open SourceShane Coughlan
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactTom Eston
 
Parts of Computer (software)
Parts of Computer (software)Parts of Computer (software)
Parts of Computer (software)Mac Mac
 
Rapid software testing and conformance with static code analysis
Rapid software testing and conformance with static code analysisRapid software testing and conformance with static code analysis
Rapid software testing and conformance with static code analysisRogue Wave Software
 
nFront Password Filter Overview
nFront Password Filter OverviewnFront Password Filter Overview
nFront Password Filter OverviewnFront Security
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014Anant Shrivastava
 
Is Your Mobile App Secure?
Is Your Mobile App Secure?Is Your Mobile App Secure?
Is Your Mobile App Secure?Sam Bowne
 
Test parallelization using Jenkins
Test parallelization using JenkinsTest parallelization using Jenkins
Test parallelization using JenkinsRogue Wave Software
 
Legal and Practical Concerns with Software Development
Legal and Practical Concerns with Software DevelopmentLegal and Practical Concerns with Software Development
Legal and Practical Concerns with Software DevelopmentRogue Wave Software
 
Building & Leveraging White Database for Antivirus Testing
Building & Leveraging White Database for Antivirus TestingBuilding & Leveraging White Database for Antivirus Testing
Building & Leveraging White Database for Antivirus Testingfrisksoftware
 
Be Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingBe Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingAmit Shirolkar
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurationsMegha Sahu
 
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi DouglenDevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi DouglenDevSecCon
 

What's hot (20)

Securing Docker Containers
Securing Docker ContainersSecuring Docker Containers
Securing Docker Containers
 
Open source software
Open source softwareOpen source software
Open source software
 
Automated tools for penetration testing
Automated tools for penetration testingAutomated tools for penetration testing
Automated tools for penetration testing
 
Building a high quality+ products with SCA
Building a high quality+ products with SCABuilding a high quality+ products with SCA
Building a high quality+ products with SCA
 
CNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
CNIT 129S: Ch 12: Attacking Users: Cross-Site ScriptingCNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
CNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
 
(In)security in Open Source
(In)security in Open Source(In)security in Open Source
(In)security in Open Source
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core Impact
 
Parts of Computer (software)
Parts of Computer (software)Parts of Computer (software)
Parts of Computer (software)
 
Rapid software testing and conformance with static code analysis
Rapid software testing and conformance with static code analysisRapid software testing and conformance with static code analysis
Rapid software testing and conformance with static code analysis
 
nFront Password Filter Overview
nFront Password Filter OverviewnFront Password Filter Overview
nFront Password Filter Overview
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014
 
Is Your Mobile App Secure?
Is Your Mobile App Secure?Is Your Mobile App Secure?
Is Your Mobile App Secure?
 
Test parallelization using Jenkins
Test parallelization using JenkinsTest parallelization using Jenkins
Test parallelization using Jenkins
 
You installed what Thierry Sans
You installed what Thierry SansYou installed what Thierry Sans
You installed what Thierry Sans
 
Legal and Practical Concerns with Software Development
Legal and Practical Concerns with Software DevelopmentLegal and Practical Concerns with Software Development
Legal and Practical Concerns with Software Development
 
Building & Leveraging White Database for Antivirus Testing
Building & Leveraging White Database for Antivirus TestingBuilding & Leveraging White Database for Antivirus Testing
Building & Leveraging White Database for Antivirus Testing
 
CIA Hacking Organization in the Nutshell
CIA Hacking Organization in the NutshellCIA Hacking Organization in the Nutshell
CIA Hacking Organization in the Nutshell
 
Be Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingBe Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability Testing
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurations
 
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi DouglenDevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
 

Similar to Software compliance

Open source software 101: Compliance and risk management
Open source software 101: Compliance and risk managementOpen source software 101: Compliance and risk management
Open source software 101: Compliance and risk managementOsler, Hoskin & Harcourt LLP
 
Programs you need!
Programs you need!Programs you need!
Programs you need!clcewing
 
Programs you need!
Programs you need!Programs you need!
Programs you need!dshinkfield
 
JavaOne 2014 Security Testing for Developers using OWASP ZAP
JavaOne 2014 Security Testing for Developers using OWASP ZAPJavaOne 2014 Security Testing for Developers using OWASP ZAP
JavaOne 2014 Security Testing for Developers using OWASP ZAPSimon Bennetts
 
Best practices for using open source software in the enterprise
Best practices for using open source software in the enterpriseBest practices for using open source software in the enterprise
Best practices for using open source software in the enterpriseMarcel de Vries
 
Installing and uninstalling computer software
Installing and uninstalling computer softwareInstalling and uninstalling computer software
Installing and uninstalling computer softwareVidya Kalaivani Rajkumar
 
Softwares open source shareware commercial Proprietary By Mohsin Iftikhar
Softwares open source shareware commercial Proprietary By Mohsin Iftikhar Softwares open source shareware commercial Proprietary By Mohsin Iftikhar
Softwares open source shareware commercial Proprietary By Mohsin Iftikhar Mohsin Ali
 
Open source technologies
Open source technologiesOpen source technologies
Open source technologiesBrizGo
 
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeOpen DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeEmerasoft, solutions to collaborate
 
Open Source evaluation: A comprehensive guide on what you are using
Open Source evaluation: A comprehensive guide on what you are usingOpen Source evaluation: A comprehensive guide on what you are using
Open Source evaluation: A comprehensive guide on what you are usingAll Things Open
 
Open Source Software Concepts
Open Source Software ConceptsOpen Source Software Concepts
Open Source Software ConceptsJITENDRA LENKA
 
Open-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackOpen-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackAaron G. Sauers, CLP
 
Open Source: What’s this all about?
Open Source: What’s this all about?Open Source: What’s this all about?
Open Source: What’s this all about?Brad Montgomery
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)Sam Bowne
 

Similar to Software compliance (20)

Introduction To Computing.pptx
Introduction To Computing.pptxIntroduction To Computing.pptx
Introduction To Computing.pptx
 
Open Source Software
Open Source SoftwareOpen Source Software
Open Source Software
 
Open source software 101: Compliance and risk management
Open source software 101: Compliance and risk managementOpen source software 101: Compliance and risk management
Open source software 101: Compliance and risk management
 
Basic Computer Security for Doctors
Basic Computer Security for DoctorsBasic Computer Security for Doctors
Basic Computer Security for Doctors
 
Programs you need!
Programs you need!Programs you need!
Programs you need!
 
Programs you need!
Programs you need!Programs you need!
Programs you need!
 
Software
SoftwareSoftware
Software
 
JavaOne 2014 Security Testing for Developers using OWASP ZAP
JavaOne 2014 Security Testing for Developers using OWASP ZAPJavaOne 2014 Security Testing for Developers using OWASP ZAP
JavaOne 2014 Security Testing for Developers using OWASP ZAP
 
Best practices for using open source software in the enterprise
Best practices for using open source software in the enterpriseBest practices for using open source software in the enterprise
Best practices for using open source software in the enterprise
 
Installing and uninstalling computer software
Installing and uninstalling computer softwareInstalling and uninstalling computer software
Installing and uninstalling computer software
 
Softwares open source shareware commercial Proprietary By Mohsin Iftikhar
Softwares open source shareware commercial Proprietary By Mohsin Iftikhar Softwares open source shareware commercial Proprietary By Mohsin Iftikhar
Softwares open source shareware commercial Proprietary By Mohsin Iftikhar
 
Open source technologies
Open source technologiesOpen source technologies
Open source technologies
 
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeOpen DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
 
Open Source evaluation: A comprehensive guide on what you are using
Open Source evaluation: A comprehensive guide on what you are usingOpen Source evaluation: A comprehensive guide on what you are using
Open Source evaluation: A comprehensive guide on what you are using
 
Open Source Software Concepts
Open Source Software ConceptsOpen Source Software Concepts
Open Source Software Concepts
 
Foss for Health Care
Foss for Health CareFoss for Health Care
Foss for Health Care
 
Open-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackOpen-Source Software Panel - IP Track
Open-Source Software Panel - IP Track
 
Open Source: What’s this all about?
Open Source: What’s this all about?Open Source: What’s this all about?
Open Source: What’s this all about?
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
 
virus,worms & analysis
virus,worms & analysis virus,worms & analysis
virus,worms & analysis
 

More from S Periyakaruppan CISM,ISO31000,C-EH,ITILF

More from S Periyakaruppan CISM,ISO31000,C-EH,ITILF (7)

E payment security – pci dss
E payment security – pci dssE payment security – pci dss
E payment security – pci dss
 
Information systems risk assessment frame workisraf 130215042410-phpapp01
Information systems risk assessment frame workisraf 130215042410-phpapp01Information systems risk assessment frame workisraf 130215042410-phpapp01
Information systems risk assessment frame workisraf 130215042410-phpapp01
 
NIST 800 30 revision Sep 2012
NIST 800 30 revision Sep 2012NIST 800 30 revision Sep 2012
NIST 800 30 revision Sep 2012
 
Software compliance
Software complianceSoftware compliance
Software compliance
 
IT Infrastrucutre Security
IT Infrastrucutre SecurityIT Infrastrucutre Security
IT Infrastrucutre Security
 
Security Information and Event Managemen
Security Information and Event ManagemenSecurity Information and Event Managemen
Security Information and Event Managemen
 
Information technology Vs Information security
Information technology Vs Information securityInformation technology Vs Information security
Information technology Vs Information security
 

Software compliance

  • 1. Software Compliance An overview
  • 2. Contents • Software Compliance • 3 Major factors • Internet piracy • Soft lifting • Counterfeiting • Do’s • Don’ts
  • 3.
  • 5. Experts Blogs Free development tools Open Source softwares P2P file hosting Open proxies Search Engines
  • 6.
  • 7. I am looking for a latest version of MS OS ..!!
  • 8. Leave un-noticed open source/trial software in your system Open source or trial version of softwares left un-installed for a long time leads to “Non-Compliance”
  • 9. Do’s • Use open source software for development purpose • Use least privilege to execute software. • Use licensed software for production. • Document the usage of licensed software products. • Use open source software with due attention of non- commercial use • Use limited software copies in asset for the purpose of business. • Keep your system secure – Check latest updated AV
  • 10. Don’ts • Download softwares from internet • Download open source software • Installing multiple copies of software • Use trial/freeware/shareware in production • Download software from blogs • Use development edition for commercial purpose • Accessing malicious websites hosted open source software