© 2019 Synopsys, Inc.
Phil Odence, General Manager, Synopsys Black Duck Audit Group
phil.odence@synopsys.com
May 2, 2019
Open Source Risks Persist—But Management Is Improving
Open Source Risk in M&A by the Numbers
Agenda
• Background: software, open source, the OSSRA report
• Results: usage, license risks, security risks
• Conclusions: trends, takeaways, and tips for managing in M&A
Background
Software, open source, OSSRA report
Modern software = Proprietary code + Open source components + Commercial components + API usage
…and each of these carries inherent risks
The fundamental issue…
A codebase is made up of proprietary code, commercial third-party code, and open source. Commercial third-party code comes in through purchasing, which asks the questions that matter: Licensing? Security? Quality? Support? Open source comes in without that gate, so the same questions have to be answered after the fact:
OPERATIONAL FACTORS: Which versions of code are being used, and how old are they (dead projects)?
LEGAL RISK: Which licenses are used, and do they match the anticipated use of the code?
SECURITY RISK: Which components have vulnerabilities, and what are they?
Management visibility—not!
“Many open-source assets are either undermanaged or altogether unmanaged.” —Gartner, 2017
Why acquirers worry
• Concerns have gone from unusual to being the norm in tech M&A due diligence
• “Many open-source assets are either undermanaged or altogether unmanaged once established within an IT portfolio.” —Gartner
• And even more so for smaller companies
• Deeper pockets may draw fire
Open Source Security and Risk Assessment
• Fourth year
• 1,200+ Black Duck Audits on codebases
• Software of
– Tech companies
– Mostly M&A related
• Data anonymized and aggregated
Black Duck Audits: 1,200+ codebases across all industries
Industry Distribution
Enterprise Software/SaaS 23%
Healthcare, Health Tech, Life Sciences 11%
Financial Services & FinTech 10%
Big Data, AI, BI, Machine Learning 9%
Retail & E-Commerce 7%
Aerospace, Aviation, Automotive, Transportation, Logistics 6%
Internet & Software Infrastructure 5%
Internet of Things 5%
Telecommunications & Wireless 4%
Cybersecurity 3%
Virtual Reality, Gaming, Entertainment, Media 3%
Manufacturing, Industrials, Robotics 3%
Internet and Mobile Apps 3%
Marketing Tech 2%
EdTech 2%
Computer Hardware & Semiconductors 2%
Energy & CleanTech 1%
Results
Usage, license risks, security risks
Tech companies use open source…lots!
[percentage graphics on this slide were not captured in the text]
• …% of the 2018 audited code analyzed was open source (the Trends slide gives 60%)
• …% of audited codebases contained open source
• …% of audited codebases contained more than 50% open source
And more than they know…
• Few targets were able to produce a list with any confidence
• When they could, it tended to be about 50% accurate
• The average codebase audited by Black Duck contained 298 open source components (up from 257 last year)
All industries use a substantial percentage of open source
Table 2: Average percentage of open source in each audited codebase by industry [table not captured in the text]
The top 10 components are quite common
Legal risk in software
• Risk: Using code without complying with its licenses can lead to lawsuits, loss of IP, distraction, reputational issues, and remediation cost
• License / terms-of-use issues
  – With respect to open source and third-party code
  – Requires analyzing software composition: what’s in the code
• Copyright law applies to software: essentially, you need a license
• Fundamental challenge: Most companies don’t know what’s in their code
License issues remain significant in codebases
[percentage graphics on this slide were not captured in the text]
• …% of the audited codebases contained license issues
• …% contained components with license conflicts (68% per the Trends slide)
• …% contained some form of GPL conflict
• …% contained components that were “not licensed”
• …% contained custom licenses that had the potential to cause conflict or needed legal review
Open source license compliance remains critical
Percentage of codebases with license conflicts [chart not captured in the text]
Options for remediating license issues
Remove: A minor feature may not be worth the risk.
Replace: Perhaps with a similar open source or commercial component. For common capabilities, there may be similar components under compatible licenses.
Rewrite: Recreate the functionality with proprietary code.
Relicense: Some copyright holders are willing to license software under different terms, perhaps another open source license or some commercial arrangement.
Respect: Because how a component is used matters, there are cases, particularly with medium-risk licenses, where the way the component is used can be changed easily so that the terms of the license are respected.
Security is a growing focus in M&A
“Companies are intensifying due diligence of acquisition targets to avoid costly cybersecurity surprises, particularly when intellectual property, such as software code or customer data drive the deal.” —WSJ
“‘Security problems,’ said ADP’s chief security officer Roland Cloutier, ‘could kill any deal.’”
Equifax breach focused attention on open source security
Over 5,000 new vulnerabilities are discovered in open source components each year.
Open source vulnerabilities are commonplace, and organizations are failing to protect against them
[percentage graphics on this slide were not captured in the text]
• …% of the audited codebases contained vulnerabilities (60% contained unpatched vulnerabilities per the Trends slide)
• …% contained high-risk vulnerabilities
• …% contained vulnerabilities over 10 years old
• …% contained components that were more than four years out of date or had no development activity in the last two years
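The three questions the deck keeps returning to (which licenses are in the code and do they fit the intended use, which components carry known vulnerabilities, and how old or abandoned the components are) are exactly what an audit of a bill of materials has to answer. The following is an added example, not Black Duck code or any tool shown in the deck: a small Python screen over a constructed bill of materials and a constructed advisory feed (the component names, dates and ADV-* identifiers are all hypothetical), using the deck's own staleness thresholds (a version more than four years old, or no upstream activity in two years) and a license policy for a proprietary product that is distributed to customers.

```python
"""Added example (not Black Duck code): screen an open source bill of
materials for the three risk classes the deck asks about, i.e. licenses,
known vulnerabilities and stale components.  Every component, date and
advisory ID below is constructed for illustration."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: Optional[str]  # None models a component shipped with no license
    released: date          # release date of the version actually in use
    last_activity: date     # most recent upstream release or commit
    latest: str             # newest upstream version at audit time


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


# Constructed advisory feed: component -> [(first fixed version, advisory id)].
# The ADV-* identifiers are hypothetical, not real CVEs.
ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "libwidget": [("2.4.1", "ADV-0001")],
    "oldcrypt": [("1.2.0", "ADV-0002"), ("1.5.0", "ADV-0003")],
}

# License policy for a proprietary product distributed to customers: strong
# copyleft conflicts with that use, weak copyleft depends on how the component
# is linked, permissive licenses are compatible, anything else needs review.
STRONG_COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}
WEAK_COPYLEFT = {"LGPL-2.1-only", "LGPL-3.0-only", "MPL-2.0"}
PERMISSIVE = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"}

# Staleness thresholds used in the deck: version more than four years old,
# or no upstream activity in the last two years.
MAX_VERSION_AGE_DAYS = 4 * 365
MAX_INACTIVITY_DAYS = 2 * 365

# Date of the deck, used as the audit date so the output is reproducible.
AUDIT_DATE = date(2019, 5, 2)


def license_finding(c: Component) -> Optional[str]:
    if c.license is None:
        return "license: no license found (copyright law means no permission to use)"
    if c.license in STRONG_COPYLEFT:
        return f"license: {c.license} is strong copyleft; conflicts with proprietary distribution"
    if c.license in WEAK_COPYLEFT:
        return f"license: {c.license} is weak copyleft; needs legal review of how it is linked"
    if c.license in PERMISSIVE:
        return None
    return f"license: {c.license} is custom or unrecognized; needs legal review"


def vulnerability_findings(c: Component) -> List[str]:
    """A component is affected by an advisory if its version is older than the fix."""
    return [
        f"vuln: {adv} affects {c.version}, fixed in {fixed}"
        for fixed, adv in ADVISORIES.get(c.name, [])
        if parse_version(c.version) < parse_version(fixed)
    ]


def staleness_findings(c: Component, today: date = AUDIT_DATE) -> List[str]:
    out = []
    if (today - c.released).days > MAX_VERSION_AGE_DAYS:
        out.append(f"stale: version {c.version} is more than four years old (latest is {c.latest})")
    if (today - c.last_activity).days > MAX_INACTIVITY_DAYS:
        out.append("stale: no upstream activity in the last two years (possible dead project)")
    return out


def screen(bom: List[Component], today: date = AUDIT_DATE) -> Dict[str, List[str]]:
    """Return every finding per component, in license/vuln/stale order; an empty list means clean."""
    report: Dict[str, List[str]] = {}
    for c in bom:
        findings: List[str] = []
        lic = license_finding(c)
        if lic:
            findings.append(lic)
        findings += vulnerability_findings(c)
        findings += staleness_findings(c, today)
        report[c.name] = findings
    return report


# Constructed bill of materials for one codebase.
SAMPLE_BOM = [
    Component("libwidget", "2.3.0", "MIT", date(2014, 1, 10), date(2019, 3, 1), "2.4.1"),
    Component("oldcrypt", "1.3.0", "GPL-2.0-only", date(2016, 6, 1), date(2016, 6, 1), "1.5.0"),
    Component("jsonfast", "5.0.2", None, date(2018, 11, 20), date(2019, 4, 15), "5.0.2"),
    Component("netutil", "0.9.1", "Apache-2.0", date(2019, 2, 1), date(2019, 4, 30), "0.9.1"),
]

if __name__ == "__main__":
    for name, findings in screen(SAMPLE_BOM).items():
        print(name, "->", findings or ["clean"])
```

The version comparison is deliberately numeric: comparing "2.10.0" and "2.9.3" as strings would call the newer release vulnerable. In a real audit the bill of materials comes from a composition scan rather than a hand-written list, and the advisory feed is a vulnerability database; the screening logic stays the same.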
CVE-2000-0388
Reporting date: May 9, 2000
Impact: A buffer overflow when processing the TERMCAP environment variable in FreeBSD 3.4 and earlier allows a local user to escalate privileges.
Mitigation: Update the FreeBSD operating environment to a modern version.
A vulnerability older than many developers, and found within the 2018 OSSRA dataset.
Conclusions
Trends, takeaways, and tips for managing in M&A
Trends
• Usage continues up
  – 60% open source, up from 57%
  – Components per codebase 298, up from 257
• License compliance still an issue, but showing improvement
  – Codebases with conflicts 68% vs. 74% for 2017
• Security similarly has improved, though still a concern
  – 60% of codebases contained unpatched vulnerabilities, compared to 78% last year
All good?
Key takeaways
• For good reasons, open source makes up a significant amount
of software in all industries
• Most companies don’t manage very well, so…
• Open source license and security issues pervade most codebases
• In M&A, acquirers and sellers need to recognize and manage
Buyers: Manage the risk in M&A
Due diligence
• Disclosures
– Policies
– Processes
• Discussions
• Do Black Duck Audits
Dealing
• Remediation
• Reps / warranties
• Modified terms
• Adjusted valuation
Sellers: Manage before the event
One year out
• Be prepared to provide an open source bill of materials
• Work with an IP attorney
• Implement an open source strategy, policy, process, and tools
• May be simple, depending on the organization
Weeks/months out
• Organize a pre-diligence audit
• Remediate any issues and rescan
• Provide the report as a sales tool
Thank You
phil.odence@synopsys.com

Webinar – Risk-based adaptive DevSecOps Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps
 
Webinar–Vulnerabilities in Containerised Production Environments
Webinar–Vulnerabilities in Containerised Production EnvironmentsWebinar–Vulnerabilities in Containerised Production Environments
Webinar–Vulnerabilities in Containerised Production Environments
 
Infographic–A Look Back at the First Year of GDPR
Infographic–A Look Back at the First Year of GDPRInfographic–A Look Back at the First Year of GDPR
Infographic–A Look Back at the First Year of GDPR
 

Kürzlich hochgeladen

Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsJean Silva
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesVictoriaMetrics
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxRTS corp
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldRoberto Pérez Alcolea
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Rob Geurden
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesKrzysztofKkol1
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecturerahul_net
 
SoftTeco - Software Development Company Profile
SoftTeco - Software Development Company ProfileSoftTeco - Software Development Company Profile
SoftTeco - Software Development Company Profileakrivarotava
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 

Kürzlich hochgeladen (20)

Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero results
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 Updates
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository world
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
 
SoftTeco - Software Development Company Profile
SoftTeco - Software Development Company ProfileSoftTeco - Software Development Company Profile
SoftTeco - Software Development Company Profile
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 

Webinar–Open Source Risk in M&A by the Numbers

1. Open Source Risk in M&A by the Numbers
Open Source Risks Persist—But Management Is Improving
Phil Odence, General Manager, Synopsys Black Duck Audit Group
phil.odence@synopsys.com
May 2, 2019
© 2019 Synopsys, Inc.

2. Agenda
Background: Software, open source, OSSRA report
Results: Usage, license risks, security risks
Conclusions: Trends, takeaways, and tips for managing in M&A
Phil Odence, General Manager, Black Duck Audit Group
phil.odence@synopsys.com

3. Background
Software, open source, OSSRA report

4. Modern software
= Proprietary code + Open source components + Commercial components + API usage
…inherent risks

5. The fundamental issue…
Codebase: commercial third-party code + open source
• Commercial third-party code (purchasing): Licensing? Security? Quality? Support?
• Open source:
– OPERATIONAL FACTORS: Which versions of code are being used, and how old are they (dead projects)?
– LEGAL RISK: Which licenses are used, and do they match the anticipated use of the code?
– SECURITY RISK: Which components have vulnerabilities, and what are they?
Management visibility—not!
“Many open-source assets are either undermanaged or altogether unmanaged.” —Gartner, 2017

6. Why acquirers worry
• Concerns have gone from unusual to being the norm in tech M&A due diligence
• “Many open-source assets are either undermanaged or altogether unmanaged once established within an IT portfolio.” —Gartner
• And even more so for smaller companies
• Deeper pockets may draw fire

7. Open Source Security and Risk Assessment
• Fourth year
• 1,200+ Black Duck Audits on codebases
• Software of
– Tech companies
– Mostly M&A related
• Data anonymized and aggregated

8. Black Duck Audits: 1,200+ codebases across all industries
Industry Distribution
Enterprise Software/SaaS 23%
Healthcare, Health Tech, Life Sciences 11%
Financial Services & FinTech 10%
Big Data, AI, BI, Machine Learning 9%
Retail & E-Commerce 7%
Aerospace, Aviation, Automotive, Transportation, Logistics 6%
Internet & Software Infrastructure 5%
Internet of Things 5%
Telecommunications & Wireless 4%
Cybersecurity 3%
Virtual Reality, Gaming, Entertainment, Media 3%
Manufacturing, Industrials, Robotics 3%
Internet and Mobile Apps 3%
Marketing Tech 2%
EdTech 2%
Computer Hardware & Semiconductors 2%
Energy & CleanTech 1%

9. Results
Usage, license risks, security risks

10. Tech companies use open source…lots!
…of the 2018 audited code analyzed was open source
…of audited codebases contained open source
…of audited codebases contained more than 50% open source

11. And more than they know…
• Few targets were able to produce a list with any confidence
• When they could, it tended to be about 50% accurate
The average codebase audited by Black Duck contained 298 open source components (up from 257 last year)

12. All industries use a substantial percentage of open source
Table 2: Average percentage of open source in each audited codebase by industry

13. The top 10 components are quite common

14. Legal risk in software
• Risk: Using code without complying with licenses can lead to lawsuits, loss of IP, distraction, reputational issues, remediation
• License / terms-of-use issues
– With respect to open source and third-party code
– Requires analyzing software composition: what’s in the code
• Copyright law applies to software: Essentially, you need a license
• Fundamental challenge: Most companies don’t know what’s in their code

15. License issues remain significant in codebases
…contained custom licenses that had the potential to cause conflict or needed legal review
…contained components with license conflicts
…contained components that were “not licensed”
…contained some form of GPL conflict
…of the audited codebases contained license issues

16. Open source license compliance remains critical
Percentage of codebases with license conflicts

17. Options for remediating license issues
• Remove: A minor feature may not be worth the risk.
• Replace: Perhaps with a similar open source or commercial component. For common capabilities, there may be similar components under compatible licenses.
• Rewrite: Recreate the functionality with proprietary code.
• Relicense: Some copyright holders are willing to license software under different terms, perhaps another open source license or some commercial arrangement.
• Respect: Since usage matters, there are cases, particularly with medium-risk licenses, in which the way the component is used can easily be modified so that the terms of the license are respected.

18. Security is a growing focus in M&A
“Companies are intensifying due diligence of acquisition targets to avoid costly cybersecurity surprises, particularly when intellectual property, such as software code or customer data drive the deal.” —WSJ
“‘Security problems,’ said ADP’s chief security officer Roland Cloutier, ‘could kill any deal.’”

19. Equifax breach focused attention on open source security
Over 5,000 new vulnerabilities are discovered in open source components each year.

20. Open source vulnerabilities are commonplace, and organizations are failing to protect against them
…contained vulnerabilities over 10 years old
…of the audited codebases contained vulnerabilities
…contained high-risk vulnerabilities
…contained components that were more than four years out-of-date or had no development activity in the last two years

21. CVE-2000-0388
Reporting date: May 9, 1990
Impact: A buffer overflow when processing the TERMCAP environment variable in FreeBSD 3.4 and prior could result in a local exploit resulting in privilege escalation
Mitigation: Update the FreeBSD operating environment to a modern version
A vulnerability older than many developers, and found within the 2018 OSSRA dataset

22. Conclusions
Trends, takeaways, and tips for managing in M&A

23. Trends
• Usage continues up
– 60% open source, up from 57%
– Components per codebase 298, up from 257
• License compliance still an issue, but showing improvement
– Codebases with conflicts 68% vs. 74% for 2017
• Security similarly has improved, though still a concern
– 60% of codebases contained unpatched vulnerabilities, compared to 78% last year
All good!?

24. Key takeaways
• For good reasons, open source makes up a significant amount of software in all industries
• Most companies don’t manage very well, so…
• Open source license and security issues pervade most codebases
• In M&A, acquirers and sellers need to recognize and manage

25. Buyers: Manage the risk in M&A
Due diligence
• Disclosures
– Policies
– Processes
• Discussions
• Do Black Duck Audits
Dealing
• Remediation
• Reps / warranties
• Modified terms
• Adjusted valuation

26. Sellers: Manage before the event
One year out
• Be prepared to provide an open source bill of materials
• Work with an IP attorney
• Implement open source strategy, policy, process, and tools
• May be simple depending on the organization
Weeks/months out
• Organize a pre-diligence audit
• Remediate any issues and rescan
• Provide the report as a sales tool
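As an added example (not the deck's or Black Duck's code), the following Python screen turns an open source bill of materials into the risk buckets slides 15 and 20 describe, so that a seller preparing the bill of materials slide 26 asks for sees the same flags an acquirer's audit would raise. The BOM fields, the rule that a copyleft license in a distributed proprietary product counts as a "GPL conflict", and the sample codebases are constructed assumptions.

```python
# Added example (not Synopsys/Black Duck code): screen an open source bill of
# materials for the risk categories the slides report. BOM fields and the way
# each category is computed are assumptions matched to the stated thresholds.
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

# Strong copyleft licenses, treated as a "GPL conflict" when they appear in a
# proprietary product that is distributed (assumption; real review is per use).
COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "AGPL-3.0-only"}


@dataclass
class Component:
    name: str
    version: str
    license: Optional[str]        # None models a "not licensed" component
    released: date                # release date of the version in use
    last_activity: date           # most recent upstream release or commit
    vuln_years: List[int] = field(default_factory=list)  # years of unpatched CVEs
    high_risk_vulns: int = 0      # how many of those are high severity


def years_between(earlier: date, later: date) -> float:
    return (later - earlier).days / 365.25


def screen_codebase(bom: List[Component], as_of: date,
                    distributed: bool) -> Dict[str, bool]:
    """One codebase's flags: does it contain at least one component in each bucket?"""
    flags = dict.fromkeys(("vulnerable", "high_risk", "vuln_over_10y",
                           "out_of_date", "not_licensed", "gpl_conflict"), False)
    for c in bom:
        if c.vuln_years:
            flags["vulnerable"] = True
        if c.high_risk_vulns > 0:
            flags["high_risk"] = True
        if any(as_of.year - y > 10 for y in c.vuln_years):
            flags["vuln_over_10y"] = True          # "vulnerabilities over 10 years old"
        # "more than four years out-of-date or no development activity in the
        # last two years"
        if (years_between(c.released, as_of) > 4
                or years_between(c.last_activity, as_of) > 2):
            flags["out_of_date"] = True
        if c.license is None:
            flags["not_licensed"] = True
        elif distributed and c.license in COPYLEFT:
            flags["gpl_conflict"] = True
    return flags


def portfolio_rates(results: List[Dict[str, bool]]) -> Dict[str, int]:
    """Percentage of codebases carrying each flag, the way the report states it."""
    n = len(results)
    return {k: round(100 * sum(r[k] for r in results) / n) for k in results[0]}


# Constructed sample: three audited codebases, assessed as of the talk date.
AS_OF = date(2019, 5, 2)
SAMPLE = [  # (bill of materials, is the product distributed to customers?)
    ([Component("parser-lib", "1.2", "MIT", date(2018, 3, 1), date(2019, 1, 10)),
      Component("term-lib", "0.9", "BSD-2-Clause", date(2013, 6, 1), date(2015, 2, 1),
                vuln_years=[2000], high_risk_vulns=1)], True),
    ([Component("widget-kit", "4.0", "GPL-3.0-only", date(2017, 9, 1), date(2019, 4, 1),
                vuln_years=[2016])], True),
    ([Component("util-lib", "2.1", None, date(2015, 6, 1), date(2016, 1, 1))], False),
]
RESULTS = [screen_codebase(bom, AS_OF, dist) for bom, dist in SAMPLE]
RATES = portfolio_rates(RESULTS)   # e.g. {"vulnerable": 67, "out_of_date": 67, ...}
```

Each flagged component is a candidate for one of the five remediation options on slide 17; the portfolio percentages are the form in which the OSSRA figures on slides 15, 20 and 23 are reported.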
  • 26. © 2019 Synopsys, Inc.26 Sellers: Manage before the event One year out • Be prepared to provided open source bill of materials • Work with IP attorney • Implement open source strategy, policy, process, and tools • May be simple depending on organization Weeks/months out • Organize a prediligence audit • Remediate any issues and rescan • Provide report as a sales tool