Harnessing the power of open source without compromising on security or agility
25 September, 8:00 am - 10:30 am
Companies cannot develop software at today’s pace without using open source. It has become a necessity to meet aggressive time-to-market targets.
Open source enables companies to build better products faster, by helping them focus their software engineering resources on their innovative technologies. This explains why, according to research, 97 per cent of applications contain open-source components, and 60 to 80 per cent of the codebase is open source code.
However, most companies are not aware of the unique challenges that come with using open-source components and are not properly addressing the security risks. A recent study shows that one in eight open-source component downloads contained a known security vulnerability. Furthermore, security professionals have less time to find and address these vulnerabilities: the same study discovered that the window between vulnerability disclosure and exploit has shrunk from 45 days to only three days.
So how can security professionals ensure software development teams are not adding risk by using open source? How can they get the visibility and control needed to secure the company’s application without slowing down the development process? And how can you continue scaling up open-source usage, without compromising on security or hurting agility?
Join the discussion…
During the meeting we will focus on questions such as:
- What are the main security challenges in using open-source components? How do they differ from securing proprietary code?
- How can you define security and compliance open-source policies in your organisation? How can you enforce these policies?
- How can you empower your developers to own the security of the open-source components in their applications?
- How can you assimilate open-source management into your DevOps pipeline in the right way? What available integrations exist in the market?
- Free tools to alert developers about open-source components with known vulnerabilities are overtaking the market. What are these tools? Should you encourage your developers to use them?
- Can and should you realistically demand that your developers address all detected vulnerabilities? If not, how can you properly prioritise detected vulnerabilities to fix the critical issues quickly?
- How can development teams and security professionals work together without compromising on security or agility?
Who is invited?
This breakfast meeting is designed for C-level decision makers in large organisations who are considering how to implement software composition analysis. These include software security professionals (CISOs, heads of software security, heads of application security) and technology strategists such as heads of technology and software leads (heads of software development, CTOs, VPs of software engineering, VP DevOps).
Delegates will work at large organisations in the private sector that develop software and apps for themselves.
Registered attendees include:
- Credit Suisse – Global Head of Technology, Cyber and Third Party
- Whitbread – Head of Information Security
- CIMB Bank – Head of Risk
- MSCI – Head of IS Governance and Resiliency
- Mace Group – Head of Risk
Be one of 12-15 senior business professionals around the table at the Goring Hotel in central London.
The breakfast briefing is brought to you by teiss in association with Whitesource and is only for senior executives as mentioned above. Registrations of junior professionals, consultants, solution providers or other sellers to this market won’t be accepted. In addition, to be eligible for this event you must be employed by a corporate legal entity: if you are a sole trader or in a partnership other than a legally incorporated partnership we will be unable to offer you a place.
For any enquiries, please contact Harry on 0208 349 5580 or email email@example.com.