SlideShare a Scribd company logo

Synopsys Security Event Israel Presentation: Keynote: Securing Your Software, Today and in the Future

Synopsys Software Integrity Group
Synopsys Software Integrity Group

At the Synopsys Security Event - Israel, Girish Janardhanudu, VP Security Consulting, Synopsys presented on software security. For more information, please visit us at www.synopsys.com/software

Software
1 of 17
Download to read offline
© 2018 Synopsys, Inc. 1 Build Secure, High-Quality Software Faster Girish Janardhanudu, Vice President, Security Consulting, Software Integrity Group
© 2018 Synopsys, Inc. 2 A solid foundation for long term stability and growth 1 Microsoft 2 Oracle 3 SAP 4 Symantec 5 VMware 6 Salesforce 7 Intuit 8 CA Technologies 9 Adobe 10 Teradata 11 Amdocs 12 Cerner 13 Citrix 14 Autodesk 15 Synopsys 16 Sage Group 17 Akamai Technologies 18 Nuance 19 Open Text 20 F5 Networks Top 20 Global Software Companies Engineering Culture Total Employees: ~12,000 Engineers: 50% Software Integrity Group: ~1,500 Global Reach 30+ years Market Cap: ~ $13B 2017 Revenue: $2.7B
© 2018 Synopsys, Inc. 3 Application security is in our DNA The authority on open source security & risk management Published Thought Leadership in software security The team and technology that found Heartbleed Pioneer in Software Quality and Software Security Static Analysis Pioneer of IAST - Interactive Application Security Testing
© 2018 Synopsys, Inc. 4 Mobile / Consumer Devices Enterprise Networking and Software High Reliability Systems Financial Services Deep experience in software security and quality testing for many industries
© 2018 Synopsys, Inc. 5 A trusted partner to over 4,000 companies 16 of the top 20 commercial banks 9 of the top 10 ISVs 7 of the top 10 aerospace and defense firms 8 of the top 10 global brands 6 of the top 10 semiconductor companies
© 2018 Synopsys, Inc. 6 The recognized leader in end-to-end application security Forrester Wave Static Application Security Testing Forrester Wave Software Composition Analysis Gartner Magic Quadrant Application Security Testing Synopsys is the only vendor recognized as the leader in both SAST and SCA
© 2018 Synopsys, Inc. 7 Major security trends • Increased regulations • Data manipulation vs data access • Shortage of security resources • Pace of attacks • IOT (edge of the network) • DevSecOpps, Cloud & CI/CD • Secure by design or “shift left”
© 2018 Synopsys, Inc. 8 Major security trends • Increased regulations • Data manipulation vs data access • Shortage of security resources • Pace of attacks • IOT (edge of the network) • DevSecOpps, Cloud & CI/CD • Secure by design or “shift left”
© 2018 Synopsys, Inc. 10 The Evolving Landscape of Software Development Impacts Software Integrity Embedded devices Cloud (private, hybrid, public) Languages, open source and frameworks New tech stacks and attack surfaces Agile, DevOpsSec, CI/CD Fit into toolchain eco-systems Automation through toolchain integration New development philosophies and approaches Comprehensive view into risk Accuracy and speed of quality defects and security vulnerability feedback Focus Lack visibility into evolving application portfolio Align with workflow timeframes Security as a core component of quality Testing coverage and depth Changing testing demands
© 2018 Synopsys, Inc. 11 To succeed, you need to take a multi-layer approach Strategy Programs Services Tools
© 2018 Synopsys, Inc. 12 We help teams build secure, high quality software faster DevSecOps Tools Managed Services Strategy & Planning Professional Services Build Security In Maturity Model (BSIMM) Coverity Static Analysis Black Duck Software Composition Analysis Seeker / Defensics Dynamic Analysis DevSecOps Integration Architecture and Design Security Training Cloud Security Industry Solutions Maturity Action Plan (MAP) Mobile Security Testing SAST Penetration Testing DAST
© 2018 Synopsys, Inc. 13 We help teams build secure, high quality software faster DevSecOps Tools Managed Services Strategy & Planning Professional Services Build Security In Maturity Model (BSIMM) Coverity Static Analysis Black Duck Software Composition Analysis Seeker / Defensics Dynamic Analysis DevSecOps Integration Architecture and Design Security Training Cloud Security Industry Solutions Maturity Action Plan (MAP) Mobile Security Testing SAST Penetration Testing DAST
© 2018 Synopsys, Inc. 14 Scale• Augmenting internal teams with external resources for scalability • Identify and prioritize vulnerabilities for remediation • Integrating with DevOps Software Security Initiatives are a Journey Launch • Pen testing to find vulnerabilities • Compliance driven • Low level testing • Programmatically managing risk across your software release cycles • Driving efficiencies through SDLC integration • Purposeful blend of automated and manual testing processes Optimize OVERLAYINTEGRATE REACT PREVENT
© 2018 Synopsys, Inc. 15 Know where your software security initiatives stand compared to your peers BSIMM - Build Security In Maturity Model • Base your SSI on industry best practices • Compare your SSI against others using 200+ metrics • Benchmark and track SSI growth • Interact and learn from BSIMM community peers Strategy & Planning
© 2018 Synopsys, Inc. 16 • Set objectives, outline a strategy, identify resources • Equip staff to build and operate secure software • Define how and when to address each software asset • Plan activities to verify your software security program Build, evolve, and maintain your software security initiatives MAP – Maturity Action Plan Strategy & Planning
© 2018 Synopsys, Inc. 17 What this means to our customers Any test Static, software composition, or dynamic analysis On any software From legacy to mobile to cloud to IoT and beyond At any depth From rapid automated scanning to comprehensive analysis With complete flexibility From DevSecOps tools to on-demand services At any SDLC stage From design & build to integrate & deploy With tools and services From strategy & planning to acceleration & integration
Thank You

Recommended

Static Analysis Primer
Static Analysis PrimerStatic Analysis Primer
Static Analysis Primer
Coverity
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett
 
SonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionSonarQube: Continuous Code Inspection
SonarQube: Continuous Code Inspection
Michael Jesse
 
DevSecOps Singapore introduction
DevSecOps Singapore introductionDevSecOps Singapore introduction
DevSecOps Singapore introduction
Stefan Streichsbier
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
Sonarqube
SonarqubeSonarqube
Sonarqube
Peerapat Asoktummarungsri
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
Cprime
 
Code Review
Code ReviewCode Review
Code Review
Mikalai Alimenkou
 

Recommended

Static Analysis Primer
Static Analysis PrimerStatic Analysis Primer
Static Analysis Primer
Coverity
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett
 
SonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionSonarQube: Continuous Code Inspection
SonarQube: Continuous Code Inspection
Michael Jesse
 
DevSecOps Singapore introduction
DevSecOps Singapore introductionDevSecOps Singapore introduction
DevSecOps Singapore introduction
Stefan Streichsbier
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
Sonarqube
SonarqubeSonarqube
Sonarqube
Peerapat Asoktummarungsri
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
Cprime
 
Code Review
Code ReviewCode Review
Code Review
Mikalai Alimenkou
 
Bridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineBridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD Pipeline
DevOps.com
 
Sonarqube
SonarqubeSonarqube
Sonarqube
Kalkey
 
Anti-Patterns
Anti-PatternsAnti-Patterns
Anti-Patterns
CleanestCode
 
Sonar Overview
Sonar OverviewSonar Overview
Sonar Overview
Samuel Langlois
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
Tej Luthra
 
DevOps and Build Automation
DevOps and Build AutomationDevOps and Build Automation
DevOps and Build Automation
Heiswayi Nrird
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
CloudPassage
 
JFTL2015 - Tester une application mobile de A à Z
JFTL2015 - Tester une application mobile de A à ZJFTL2015 - Tester une application mobile de A à Z
JFTL2015 - Tester une application mobile de A à Z
Cedric GAUTIER
 
CI/CD for mobile at HERE
CI/CD for mobile at HERECI/CD for mobile at HERE
CI/CD for mobile at HERE
Stefan Verhoeff
 
The story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerThe story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps Engineer
Manu Pk
 
SonarQube Overview
SonarQube OverviewSonarQube Overview
SonarQube Overview
Ahmed M. Gomaa
 
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
Magno Logan
 
Practical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief KarfiantoPractical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief Karfianto
idsecconf
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
DevSecOpsSg
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..
Siddharth Joshi
 
Transform Agile Development With Practical DevOps
Transform Agile Development With Practical DevOpsTransform Agile Development With Practical DevOps
Transform Agile Development With Practical DevOps
Gaurav Sharma
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
MohammadSaif904342
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
Test Early, Test Often, Test Left
Test Early, Test Often, Test LeftTest Early, Test Often, Test Left
Test Early, Test Often, Test Left
SmartBear
 
Software Craftsmanship
Software CraftsmanshipSoftware Craftsmanship
Software Craftsmanship
Sandro Mancuso
 
Webinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at ScaleWebinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at Scale
Synopsys Software Integrity Group
 
Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps
Synopsys Software Integrity Group
 

More Related Content

What's hot

Bridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineBridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD Pipeline
DevOps.com
 
Sonarqube
SonarqubeSonarqube
Sonarqube
Kalkey
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
CloudPassage
 
JFTL2015 - Tester une application mobile de A à Z
JFTL2015 - Tester une application mobile de A à ZJFTL2015 - Tester une application mobile de A à Z
JFTL2015 - Tester une application mobile de A à Z
Cedric GAUTIER
 

What's hot (20)

Bridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineBridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD Pipeline
 
Sonarqube
SonarqubeSonarqube
Sonarqube
 
Anti-Patterns
Anti-PatternsAnti-Patterns
Anti-Patterns
 
Sonar Overview
Sonar OverviewSonar Overview
Sonar Overview
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
 
DevOps and Build Automation
DevOps and Build AutomationDevOps and Build Automation
DevOps and Build Automation
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
 
JFTL2015 - Tester une application mobile de A à Z
JFTL2015 - Tester une application mobile de A à ZJFTL2015 - Tester une application mobile de A à Z
JFTL2015 - Tester une application mobile de A à Z
 
CI/CD for mobile at HERE
CI/CD for mobile at HERECI/CD for mobile at HERE
CI/CD for mobile at HERE
 
The story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerThe story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps Engineer
 
SonarQube Overview
SonarQube OverviewSonarQube Overview
SonarQube Overview
 
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
 
Practical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief KarfiantoPractical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief Karfianto
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..
 
Transform Agile Development With Practical DevOps
Transform Agile Development With Practical DevOpsTransform Agile Development With Practical DevOps
Transform Agile Development With Practical DevOps
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
 
Test Early, Test Often, Test Left
Test Early, Test Often, Test LeftTest Early, Test Often, Test Left
Test Early, Test Often, Test Left
 
Software Craftsmanship
Software CraftsmanshipSoftware Craftsmanship
Software Craftsmanship
 

Similar to Synopsys Security Event Israel Presentation: Keynote: Securing Your Software, Today and in the Future

Webinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at ScaleWebinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at Scale
Synopsys Software Integrity Group
 
Webinar–That is Not How This Works
Webinar–That is Not How This WorksWebinar–That is Not How This Works
Webinar–That is Not How This Works
Synopsys Software Integrity Group
 
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service RisksWebinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Synopsys Software Integrity Group
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramTake Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps Program
Deborah Schalm
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps Program Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps Program
DevOps.com
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
 
How to Build Security and Risk Management into Agile Environments
How to Build Security and Risk Management into Agile EnvironmentsHow to Build Security and Risk Management into Agile Environments
How to Build Security and Risk Management into Agile Environments
danb02
 

Similar to Synopsys Security Event Israel Presentation: Keynote: Securing Your Software, Today and in the Future (20)

Webinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at ScaleWebinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at Scale
 
Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps
 
Webinar–That is Not How This Works
Webinar–That is Not How This WorksWebinar–That is Not How This Works
Webinar–That is Not How This Works
 
Synopsys_site.pptx
Synopsys_site.pptxSynopsys_site.pptx
Synopsys_site.pptx
 
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service RisksWebinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
 
RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...
RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...
RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...
 
Webinar–AppSec: Hype or Reality
Webinar–AppSec: Hype or RealityWebinar–AppSec: Hype or Reality
Webinar–AppSec: Hype or Reality
 
SIG-product-overview.pdf
SIG-product-overview.pdfSIG-product-overview.pdf
SIG-product-overview.pdf
 
Analyst Resources for Chief Information Security Officers (CISOs)
Analyst Resources for Chief Information Security Officers (CISOs)Analyst Resources for Chief Information Security Officers (CISOs)
Analyst Resources for Chief Information Security Officers (CISOs)
 
Application Security Testing for a DevOps Mindset
Application Security Testing for a DevOps Mindset Application Security Testing for a DevOps Mindset
Application Security Testing for a DevOps Mindset
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramTake Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps Program
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps Program Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps Program
 
Webinar–Building A Culture of Secure Programming in Your Organization
Webinar–Building A Culture of Secure Programming in Your OrganizationWebinar–Building A Culture of Secure Programming in Your Organization
Webinar–Building A Culture of Secure Programming in Your Organization
 
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...
 
How to Build Security and Risk Management into Agile Environments
How to Build Security and Risk Management into Agile EnvironmentsHow to Build Security and Risk Management into Agile Environments
How to Build Security and Risk Management into Agile Environments
 
How to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspectiveHow to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspective
 

More from Synopsys Software Integrity Group

Webinar–Segen oder Fluch?
Webinar–Segen oder Fluch?Webinar–Segen oder Fluch?
Webinar–Segen oder Fluch?
Synopsys Software Integrity Group
 
Webinar–OWASP Top 10 for JavaScript for Developers
Webinar–OWASP Top 10 for JavaScript for DevelopersWebinar–OWASP Top 10 for JavaScript for Developers
Webinar–OWASP Top 10 for JavaScript for Developers
Synopsys Software Integrity Group
 
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
Synopsys Software Integrity Group
 
Webinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability FeedWebinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability Feed
Synopsys Software Integrity Group
 
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec MattersWebinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Synopsys Software Integrity Group
 
Webinar–Sécurité Applicative et DevSecOps dans un monde Agile
Webinar–Sécurité Applicative et DevSecOps dans un monde AgileWebinar–Sécurité Applicative et DevSecOps dans un monde Agile
Webinar–Sécurité Applicative et DevSecOps dans un monde Agile
Synopsys Software Integrity Group
 

More from Synopsys Software Integrity Group (20)

Webinar–Segen oder Fluch?
Webinar–Segen oder Fluch?Webinar–Segen oder Fluch?
Webinar–Segen oder Fluch?
 
Webinar–Mobile Application Hardening Protecting Business Critical Apps
Webinar–Mobile Application Hardening Protecting Business Critical AppsWebinar–Mobile Application Hardening Protecting Business Critical Apps
Webinar–Mobile Application Hardening Protecting Business Critical Apps
 
Webinar–The 2019 Open Source Year in Review
Webinar–The 2019 Open Source Year in ReviewWebinar–The 2019 Open Source Year in Review
Webinar–The 2019 Open Source Year in Review
 
Webinar–You've Got Your Open Source Audit Report–Now What?
Webinar–You've Got Your Open Source Audit Report–Now What? Webinar–You've Got Your Open Source Audit Report–Now What?
Webinar–You've Got Your Open Source Audit Report–Now What?
 
Webinar–OWASP Top 10 for JavaScript for Developers
Webinar–OWASP Top 10 for JavaScript for DevelopersWebinar–OWASP Top 10 for JavaScript for Developers
Webinar–OWASP Top 10 for JavaScript for Developers
 
Webinar–The State of Open Source in M&A Transactions
Webinar–The State of Open Source in M&A Transactions Webinar–The State of Open Source in M&A Transactions
Webinar–The State of Open Source in M&A Transactions
 
Webinar–5 ways to risk rank your vulnerabilities
Webinar–5 ways to risk rank your vulnerabilitiesWebinar–5 ways to risk rank your vulnerabilities
Webinar–5 ways to risk rank your vulnerabilities
 
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
 
Webinar–Using Evidence-Based Security
Webinar–Using Evidence-Based Security Webinar–Using Evidence-Based Security
Webinar–Using Evidence-Based Security
 
Webinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability FeedWebinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability Feed
 
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec MattersWebinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
 
Webinar–What You Need To Know About Open Source Licensing
Webinar–What You Need To Know About Open Source LicensingWebinar–What You Need To Know About Open Source Licensing
Webinar–What You Need To Know About Open Source Licensing
 
Webinar–Improving Fuzz Testing of Infotainment Systems and Telematics Units U...
Webinar–Improving Fuzz Testing of Infotainment Systems and Telematics Units U...Webinar–Improving Fuzz Testing of Infotainment Systems and Telematics Units U...
Webinar–Improving Fuzz Testing of Infotainment Systems and Telematics Units U...
 
Webinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created EqualWebinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created Equal
 
Webinar–Is Your Software Security Supply Chain a Security Blind Spot?
Webinar–Is Your Software Security Supply Chain a Security Blind Spot?Webinar–Is Your Software Security Supply Chain a Security Blind Spot?
Webinar–Is Your Software Security Supply Chain a Security Blind Spot?
 
Webinar–Sécurité Applicative et DevSecOps dans un monde Agile
Webinar–Sécurité Applicative et DevSecOps dans un monde AgileWebinar–Sécurité Applicative et DevSecOps dans un monde Agile
Webinar–Sécurité Applicative et DevSecOps dans un monde Agile
 
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software AssetsWebinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
 
Webinar – Security Tool Misconfiguration and Abuse
Webinar – Security Tool Misconfiguration and AbuseWebinar – Security Tool Misconfiguration and Abuse
Webinar – Security Tool Misconfiguration and Abuse
 
Webinar – Software Security 2019–Embrace Velocity
Webinar – Software Security 2019–Embrace Velocity Webinar – Software Security 2019–Embrace Velocity
Webinar – Software Security 2019–Embrace Velocity
 
Webinar - Developers Are Your Greatest AppSec Resource
Webinar - Developers Are Your Greatest AppSec ResourceWebinar - Developers Are Your Greatest AppSec Resource
Webinar - Developers Are Your Greatest AppSec Resource
 

Recently uploaded

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
chiefasafspells
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
Juha-Pekka Tolvanen
 

Recently uploaded (20)

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 

Synopsys Security Event Israel Presentation: Keynote: Securing Your Software, Today and in the Future

  • 1. © 2018 Synopsys, Inc. 1 Build Secure, High-Quality Software Faster Girish Janardhanudu, Vice President, Security Consulting, Software Integrity Group
  • 2. © 2018 Synopsys, Inc. 2 A solid foundation for long term stability and growth 1 Microsoft 2 Oracle 3 SAP 4 Symantec 5 VMware 6 Salesforce 7 Intuit 8 CA Technologies 9 Adobe 10 Teradata 11 Amdocs 12 Cerner 13 Citrix 14 Autodesk 15 Synopsys 16 Sage Group 17 Akamai Technologies 18 Nuance 19 Open Text 20 F5 Networks Top 20 Global Software Companies Engineering Culture Total Employees: ~12,000 Engineers: 50% Software Integrity Group: ~1,500 Global Reach 30+ years Market Cap: ~ $13B 2017 Revenue: $2.7B
  • 3. © 2018 Synopsys, Inc. 3 Application security is in our DNA The authority on open source security & risk management Published Thought Leadership in software security The team and technology that found Heartbleed Pioneer in Software Quality and Software Security Static Analysis Pioneer of IAST - Interactive Application Security Testing
  • 4. © 2018 Synopsys, Inc. 4 Mobile / Consumer Devices Enterprise Networking and Software High Reliability Systems Financial Services Deep experience in software security and quality testing for many industries
  • 5. © 2018 Synopsys, Inc. 5 A trusted partner to over 4,000 companies 16 of the top 20 commercial banks 9 of the top 10 ISVs 7 of the top 10 aerospace and defense firms 8 of the top 10 global brands 6 of the top 10 semiconductor companies
  • 6. © 2018 Synopsys, Inc. 6 The recognized leader in end-to-end application security Forrester Wave Static Application Security Testing Forrester Wave Software Composition Analysis Gartner Magic Quadrant Application Security Testing Synopsys is the only vendor recognized as the leader in both SAST and SCA
  • 7. © 2018 Synopsys, Inc. 7 Major security trends • Increased regulations • Data manipulation vs data access • Shortage of security resources • Pace of attacks • IOT (edge of the network) • DevSecOpps, Cloud & CI/CD • Secure by design or “shift left”
  • 8. © 2018 Synopsys, Inc. 8 Major security trends • Increased regulations • Data manipulation vs data access • Shortage of security resources • Pace of attacks • IOT (edge of the network) • DevSecOpps, Cloud & CI/CD • Secure by design or “shift left”
  • 9. © 2018 Synopsys, Inc. 10 The Evolving Landscape of Software Development Impacts Software Integrity Embedded devices Cloud (private, hybrid, public) Languages, open source and frameworks New tech stacks and attack surfaces Agile, DevOpsSec, CI/CD Fit into toolchain eco-systems Automation through toolchain integration New development philosophies and approaches Comprehensive view into risk Accuracy and speed of quality defects and security vulnerability feedback Focus Lack visibility into evolving application portfolio Align with workflow timeframes Security as a core component of quality Testing coverage and depth Changing testing demands
  • 10. © 2018 Synopsys, Inc. 11 To succeed, you need to take a multi-layer approach Strategy Programs Services Tools
  • 11. © 2018 Synopsys, Inc. 12 We help teams build secure, high quality software faster DevSecOps Tools Managed Services Strategy & Planning Professional Services Build Security In Maturity Model (BSIMM) Coverity Static Analysis Black Duck Software Composition Analysis Seeker / Defensics Dynamic Analysis DevSecOps Integration Architecture and Design Security Training Cloud Security Industry Solutions Maturity Action Plan (MAP) Mobile Security Testing SAST Penetration Testing DAST
  • 12. © 2018 Synopsys, Inc. 13 We help teams build secure, high quality software faster DevSecOps Tools Managed Services Strategy & Planning Professional Services Build Security In Maturity Model (BSIMM) Coverity Static Analysis Black Duck Software Composition Analysis Seeker / Defensics Dynamic Analysis DevSecOps Integration Architecture and Design Security Training Cloud Security Industry Solutions Maturity Action Plan (MAP) Mobile Security Testing SAST Penetration Testing DAST
  • 13. © 2018 Synopsys, Inc. 14 Scale• Augmenting internal teams with external resources for scalability • Identify and prioritize vulnerabilities for remediation • Integrating with DevOps Software Security Initiatives are a Journey Launch • Pen testing to find vulnerabilities • Compliance driven • Low level testing • Programmatically managing risk across your software release cycles • Driving efficiencies through SDLC integration • Purposeful blend of automated and manual testing processes Optimize OVERLAYINTEGRATE REACT PREVENT
  • 14. © 2018 Synopsys, Inc. 15 Know where your software security initiatives stand compared to your peers BSIMM - Build Security In Maturity Model • Base your SSI on industry best practices • Compare your SSI against others using 200+ metrics • Benchmark and track SSI growth • Interact and learn from BSIMM community peers Strategy & Planning
  • 15. © 2018 Synopsys, Inc. 16 • Set objectives, outline a strategy, identify resources • Equip staff to build and operate secure software • Define how and when to address each software asset • Plan activities to verify your software security program Build, evolve, and maintain your software security initiatives MAP – Maturity Action Plan Strategy & Planning
  • 16. © 2018 Synopsys, Inc. 17 What this means to our customers Any test Static, software composition, or dynamic analysis On any software From legacy to mobile to cloud to IoT and beyond At any depth From rapid automated scanning to comprehensive analysis With complete flexibility From DevSecOps tools to on-demand services At any SDLC stage From design & build to integrate & deploy With tools and services From strategy & planning to acceleration & integration