 
 
Secrets of 20 Billion Software Components, Cyber incident-response capability & Trends in Financial Crimes.
Wed, Sep 16, 2015 @ 06:00 PM   FREE   Protiviti, 888 Seventh Ave
 
   
 
 
              

    
 
EVENT DETAILS


The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.

To access thousands of hours of video content and hundreds of projects, visit www.owasp.org today.

===AGENDA===

6:00pm - 6:15pm - Check-In, 50/50 Social Networking

6:15pm - 7:00pm - Session 1

Saved or Sabotaged? Secrets of 20 Billion Software Components, Derek Weeks

Every software development organization on the planet has a software supply chain that is consuming a massive volume of open source and third-party components at extremely high velocity. To provide a much clearer perspective on this volume and velocity, we can see that a global population of more than 11 million developers consumed over 20 billion components in 2014.

Those in AppSec who have pursued improved visibility, supplier choices, and control mechanisms across their software supply chains have boosted developer productivity by 15%, crumbled mountains of security debt, and shifted millions of dollars from sustaining operations to accelerating innovation.

Yet the vast majority of organizations developing software are blind to their free-for-all consumption volume, patterns, and velocity. Their software supply chain practices are silently sabotaging efforts to accelerate development, improve efficiency and maintain the integrity of their applications.

In May, I authored the 2015 State of the Software Supply Chain Report. It is a quantitative analysis of more than 160,000 software development organizations consuming billions of open source and third-party software components from over 15,000 suppliers. Included in my analysis is a deep dive into practices of the largest Financial Services firms. Your organization is most likely among those I analyzed.

While the average organization in the study consumed 240,000 open source and third-party software components in 2014, the study revealed:

An average of 15,337 components consumed included known security flaws, impacting the integrity of operations

75% of organizations lack policies that control the use of open source and third-party components that are making their way through their software supply chains and into production

An average application has 24 known open source security flaws, electively built in by the development team

But this discussion is not intended to simply shed light on bad practices; it is about learning. Attendees will gain new visibility as to what's happening in their own software supply chains, how to avoid these elective risks, and how leading organizations like eBay, ServiceNow, Blackboard, Aetna, the US Air Force, and Department of Homeland Security are applying proven supply chain principles from other industries toward improving their AppSec practices.

7:00pm - 7:15pm - Session 2

New York Chapter Global and Local Updates

Review of OWASP Project Process, Claudia Casanovas, The OWASP Foundation, Project Coordinator


7:15pm - 8:00pm - Session 3

Trends in Financial Crimes - How insecure software, poor development practices and poor management enable cybercrime, Raj Goel

Why does SPAM exist? What types of crimes are we enabling by use and misuse of social media? How are small businesses, churches and schools being robbed of hundreds of thousands of dollars? And what do warehouses in China have to do with multi-billion dollar frauds? Listen as Raj shares with you what is fueling cyber-crime and what steps you can take to protect yourself, your family and businesses from the cyber-criminals.


8:00pm - 8:45pm - Session 4

How good is your cyber incident-response capability?, Peter Constantine

As we have seen time and time again, cybercriminals have been successfully targeting organizations of all sizes across all industry sectors. Recent evidence of post breach analysis has shown that attacks are becoming increasingly sophisticated, more frequent, and their consequences have a large impact. The money that has been spent on investigating an incident, remediation activities, and loss in market capitalization has ranged from tens of millions into the billions. This leaves investors with a loss of confidence in the company's ability to respond to these types of events.

Many of the issues for the ever-growing globalization within enterprise firms leave a need to have a proper plan that spans across multiple business segments and involves many different groups of people. Another large problem is that the people need to be empowered with tools that can give them clear visibility and accelerate the identification of malicious activity and arm incident response teams to more accurately, quickly and completely scope incidents before a brand-damaging and costly security breach occurs.


==============================================

Special thanks to our venue host Protiviti, our meeting sponsor Sonatype and all of our local chapter supporters. If you enjoy this community's projects, events and activities, CLICK HERE to join our membership today.

 
 
 
 