Systems Failures Fuel Security-Focused Design Practices
VDC Research | IoT & Embedded Technology
August 2017
© 2017 VDC Research Group, Inc.

Slide 2: Today's speakers
Chris Rommel, Executive Vice President at VDC Research
Joe Jarzombek, Global Manager, Software Supply Chain at Synopsys
Slide 3: Security is Already a Significant Problem
[Chart: Past Exposure or Identification of Security Vulnerabilities/Failures within Organization. Pie values in legend order (Yes / No / Don't Know): All Respondents 19.0% / 57.1% / 23.8%; Aerospace & Defense 14.8% / 71.4% / 13.8%.]
Slide 4: But Does Anyone Care?
[Chart: Importance of Security on Current Project/Program. 100% stacked bars for Aerospace & Defense and All Respondents across Critical / Very Important / Important / Medium Importance / Somewhat Important / Not Very Important / Not Important At All. Segment values as extracted, in pairs: 8.1% 4.0%; 16.2% 12.5%; 13.5% 12.6%; 13.5% 19.2%; 13.5% 18.2%; 18.9% 20.2%; 16.2% 13.4%.]
- Devices are more intelligent, more connected and more at risk than ever before.
- Many OEMs and end users are wary of potential security problems
- But only ½ of A&D engineers view security as important
- Need to overcome user inertia: “if it ain’t broke, don’t fix it”
- OEMs need to understand the breadth and magnitude of risk/costs
Slide 5: Software Evolution Redefining Threat Landscape
[Chart: Percent of Total Software Code in Final Design. Commercial Third-party Software 15.2%; Open Source Third-Party Software 13.1%; In-house Developed Code 71.7%.]
- More sophisticated functionality; more dependence on software functionality
- The average A&D project now has nearly 222K lines of code
- Distribution and sources of software code (3rd party, in-house, auto-generated, etc.) are also changing
Slide 6: Cloudy SW Supply Chains Increase Risk
[Chart: Code Reuse (share of respondents by new/reused split): 100% New 12.5%; 90% New / 10% Reused 3.1%; 75% New / 25% Reused 28.1%; 60% New / 40% Reused 9.4%; 50% New / 50% Reused 15.6%; 40% New / 60% Reused 15.6%; 25% New / 75% Reused 12.5%; 10% New / 90% Reused 3.1%.]
- Most code used in a project was developed by someone else
- 46% of engineers report that at least 50% of their code is reused from prior projects
- Risk management profiles vary between stakeholder groups, with sometimes unclear ownership of liability
Slide 7: Time to Change Priorities
[Chart: Reason Security is Not Important. Bars for Aerospace & Defense and All Respondents across Device is Unconnected / Embedded Data/Functionality Deemed Insensitive / Security Expected to be Added by End Users / Other / Don't know. Values as extracted: 1.2% 5.3%; 6.1% 10.5%; 26.2%; 31.6%; 47.1%; 52.6%; 19.3%.]
- Some think security is not their problem to address
- Expectation that end users can bolt on security is a recipe for failure
- Even unconnected devices can become connected
Slide 8: Growing Cost of Failure
[Chart: Results of Security Vulnerability (share of respondents, bars as extracted in ascending order): Don’t Know 4.3%; Other 4.3%; IP Theft 15.2%; Data Theft/Data Harvest 17.4%; Device Malfunction 19.6%; Network Host Services Disabled 21.7%; Loss of System/Service Disabled 23.9%; Attack or Vulnerability in Lab 26.1%; Device Hijack 32.6%.]
- Consequences of software exploits are multi-faceted
- Failure of any type, even “cockpit errors,” will always point back to the SI/OEM at some point
Slide 9: A&D Security Risks Deep and Multifaceted
[Chart: Implications of Security Vulnerabilities: Reputation 45.7%; Financial 39.1%; Operational 32.6%; Legal 21.7%; Human 17.4%; No Damage Caused 21.7%; Don't Know 2.2%.]
- Loss of confidence and brand equity can be a serious issue
- In safety-critical applications, consequences can be much more dire
- Critical that engineering orgs adopt best practices to protect themselves
Slide 10: Securing Your Bottom-line During Development
- New tools can help address many issues
- SW quality investment should scale with SW dev resources
  - Diverse/integrated testing
  - SW composition analysis
- Eng orgs must take proactive steps to improve system security and reduce financial risk
  - Implement during dev
  - Reduce number of vulnerabilities
  - Reduce cost of remediation
[Chart: Types of Tools Used on Current Project/Program; series MilAero and All Respondents. Values as extracted, first series / second series: Dynamic Application Security Testing 5.7% / 0.0%; Interactive Application Security Testing 7.8% / 2.2%; Software Composition Analysis (SCA) 7.5% / 2.2%; Static Application Security Testing 6.3% / 2.2%; Dynamic Software Testing 16.1% / 8.9%; Binary Analysis 4.2% / 8.9%; Model-based Software Testing 15.9% / 24.4%; Peer Code Review 23.7% / 26.7%; Unit Testing 32.9% / 31.1%; Static Analysis 30.8% / 33.3%.]
Slide 11: Must Identify SW Problems Before they Become Sec Issue
[Chart: Past Exposure or Identification of Security Vulnerabilities/Failures: Aerospace & Defense 18.8%, All Respondents 13.9%; Currently Using Static Analysis Tools: 11.5%.]
- Security defects are not unique to one industry
- But A&D needs to be held to a higher standard
- Reevaluate not only internal processes, but also supply chain and procurement standards
Slide 12: Final Summary & Recommendations
1. Increasing System Complexity Necessitates Change
2. Tools Help Productivity, Quality, Safety AND Security
3. Industry Collaboration and Self-Governance
Slide 13: Q&A
Slide 14: Thank you
Contact us: software-integrity-info@synopsys.com
Email: crommel@vdcresearch.com
@chris_rommel @SW Integrity
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 

Recently uploaded (20)

Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 

Webinar: Systems Failures Fuel Security-Focused Design Practices

  • 1. Systems Failures Fuel Security-Focused Design Practices. VDC Research | IoT & Embedded Technology, August 2017
  • 2. Today's speakers (© 2017 VDC Research Group, Inc.): Chris Rommel, Executive Vice President at VDC Research; Joe Jarzombek, Global Manager, Software Supply Chain at Synopsys
  • 3. Security is Already a Significant Problem
    Chart: Past Exposure or Identification of Security Vulnerabilities/Failures within Organization (All Respondents vs. Aerospace & Defense; categories Yes / No / Don't Know). Values as extracted: 19.0% / 57.1% / 23.8% and 14.8% / 71.4% / 13.8%.
  • 4. But Does Anyone Care?
    - Devices are more intelligent, more connected and more at risk than ever before.
    - Many OEMs and end users are wary of potential security problems, but only ½ of A&D engineers view security as important.
    - Need to overcome user inertia: "if it ain't broke, don't fix it".
    - OEMs need to understand the breadth and magnitude of risk/costs.
    Chart: Importance of Security on Current Project/Program (Aerospace & Defense vs. All Respondents; scale Critical, Very Important, Important, Medium Importance, Somewhat Important, Not Very Important, Not Important At All). Values as extracted: 8.1% 4.0% 16.2% 12.5% 13.5% 12.6% 13.5% 19.2% 13.5% 18.2% 18.9% 20.2% 16.2% 13.4%.
  • 5. Software Evolution Redefining Threat Landscape
    - More sophisticated functionality; more dependence on software functionality.
    - The average A&D project now has nearly 222K lines of code.
    - The distribution and sources of software code (3rd party, in-house, auto-generated, etc.) are also changing.
    Chart: Percent of Total Software Code in Final Design: Commercial Third-party Software 15.2%; Open Source Third-Party Software 13.1%; In-house Developed Code 71.7%.
  • 6. Cloudy SW Supply Chains Increase Risk
    - Most code used in a project is developed by someone else.
    - 46% of engineers report that at least 50% of their code is reused from prior projects.
    - Risk management profiles vary between stakeholder groups, with sometimes unclear ownership of liability.
    Chart: Code Reuse: 100% New 12.5%; 90% New / 10% Reused 3.1%; 75% New / 25% Reused 28.1%; 60% New / 40% Reused 9.4%; 50% New / 50% Reused 15.6%; 40% New / 60% Reused 15.6%; 25% New / 75% Reused 12.5%; 10% New / 90% Reused 3.1%.
  • 7. Time to Change Priorities
    - Some think security is not their problem to address.
    - The expectation that end users can bolt on security is a recipe for failure.
    - Even unconnected devices can become connected.
    Chart: Reason Security is Not Important (Aerospace & Defense vs. All Respondents; categories Device is Unconnected; Embedded Data/Functionality Deemed Insensitive; Security Expected to be Added by End Users; Other; Don't know). Values as extracted: 1.2% 5.3% 6.1% 10.5% 26.2% 31.6% 47.1% 52.6% 19.3%.
  • 8. Growing Cost of Failure
    - Consequences of software exploits are multi-faceted.
    - Failure of any type, even "cockpit errors," will always point back to the SI/OEM at some point.
    Chart: Results of Security Vulnerability: Don't Know 4.3%; Other 4.3%; IP Theft 15.2%; Data Theft/Data Harvest 17.4%; Device Malfunction 19.6%; Network Host Services Disabled 21.7%; Loss of System/Service Disabled 23.9%; Attack or Vulnerability in Lab 26.1%; Device Hijack 32.6%.
  • 9. A&D Security Risks Deep and Multifaceted
    - Loss of confidence and brand equity can be a serious issue.
    - In safety-critical applications, consequences can be much more dire.
    - It is critical that engineering orgs adopt best practices to protect themselves.
    Chart: Implications of Security Vulnerabilities: Reputation 45.7%; Financial 39.1%; Operational 32.6%; Legal 21.7%; Human 17.4%; No Damage Caused 21.7%; Don't Know 2.2%.
  • 10. Securing Your Bottom-line During Development
    - New tools can help address many issues; SW quality investment should scale with SW dev resources (diverse/integrated testing, SW composition analysis).
    - Eng orgs must take proactive steps to improve system security and reduce financial risk: implement during dev, reduce the number of vulnerabilities, reduce the cost of remediation.
    Chart: Types of Tools Used on Current Project/Program (MilAero vs. All Respondents), tools in order: Dynamic Application Security Testing; Interactive Application Security Testing; Software Composition Analysis (SCA); Static Application Security Testing; Dynamic Software Testing; Binary Analysis; Model-based Software Testing; Peer Code Review; Unit Testing; Static Analysis. Two series of values as extracted, in tool order: 5.7% 7.8% 7.5% 6.3% 16.1% 4.2% 15.9% 23.7% 32.9% 30.8% and 0.0% 2.2% 2.2% 2.2% 8.9% 8.9% 24.4% 26.7% 31.1% 33.3%.
  • 11. Must Identify SW Problems Before they Become a Security Issue
    - Security defects are not unique to one industry, but A&D needs to be held to a higher standard.
    - Reevaluate not only internal processes, but also supply chain and procurement standards.
    Chart: Past Exposure or Identification of Security Vulnerabilities/Failures, Currently Using Static Analysis Tools (Aerospace & Defense vs. All Respondents). Values as extracted: 11.5%, 18.8%, 13.9%.
  • 12. Final Summary & Recommendations: (1) Increasing System Complexity Necessitates Change; (2) Tools Help Productivity, Quality, Safety AND Security; (3) Industry Collaboration and Self-Governance
  • 13. Q&A
  • 14. Thank you. Contact us: software-integrity-info@synopsys.com; Email: crommel@vdcresearch.com; @chris_rommel, @SW Integrity