Giving everyone a stake in the success of Open Source implementation. [Research Saturday]

FromCyberWire Daily

Start listening View podcast show

Giving everyone a stake in the success of Open Source implementation. [Research Saturday]

FromCyberWire Daily

ratings:

Length:

24 minutes

Released:

Jun 29, 2019

Format:

Podcast episode

Description

Synopsys recently published the 2019 edition of their Open Source Security and Risk Analysis (OSSRA) Report, providing an in-depth look at the state of open source security, compliance, and code quality risk in commercial software.

Tim Mackey is principal security strategist within the Synopsys Cyber Research Center, and he joins us to share their findings.
The research can be found here:
https://www.synopsys.com/software-integrity/resources/analyst-reports/2019-open-source-security-risk-analysis.html

Released:

Jun 29, 2019

Format:

Podcast episode

More Episodes from CyberWire Daily

Skip carousel

Double key encryption debate. by CyberWire Daily
45 min listen
10 years on: The 10th anniversary of the first indictment of Chinese PLA actors. [Special Edition] by CyberWire Daily
45 min listen
From secret images to encryption keys. [Research Saturday] by CyberWire Daily
22 min listen
Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy] [Career Notes] by CyberWire Daily
8 min listen
MediSecure data breach hits Aussie healthcare. by CyberWire Daily
34 min listen
FBI strikes against a cybercrime syndicate. by CyberWire Daily
31 min listen
A bipartisan blueprint for American leadership. by CyberWire Daily
42 min listen
Google strikes back. by CyberWire Daily
34 min listen
A battle for digital sovereignty. by CyberWire Daily
34 min listen
Encore: Brandon Robinson: Built from the ground up. [Sales Engineer] [Career Notes] by CyberWire Daily
7 min listen
The double-edged sword of cyber espionage. [Research Saturday] by CyberWire Daily
20 min listen
Treasury's offensive in financial defense. by CyberWire Daily
46 min listen
Healthcare in the crosshairs. by CyberWire Daily
48 min listen
The takedown of a ransomware ringleader. by CyberWire Daily
41 min listen
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us by Eugene Spafford, Leigh Metcalf, Josiah Dykstra and Illustrated by Pattie Spafford. [CSOP] by CyberWire Daily
16 min listen
Hack-proofing the future to shape cyberspace. by CyberWire Daily
32 min listen
Charting the course: Biden's blueprint for global cybersecurity. by CyberWire Daily
33 min listen
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Tracers in the Dark by Andy Greenberg. [CSOP] by CyberWire Daily
18 min listen
Encore: Elizabeth Wharton: Strong shoulders for someone else to stand on. [Legal] [Career Notes] by CyberWire Daily
7 min listen
Geopolitical tensions rise with China. [Research Saturday] by CyberWire Daily
35 min listen
Ransomware attack turns legal attack. by CyberWire Daily
40 min listen
Dropbox sign breach exposes secrets. by CyberWire Daily
41 min listen
Retirement plan breach shakes financial giant. by CyberWire Daily
40 min listen
Ransomware is just a prescription for chaos. by CyberWire Daily
31 min listen
An unprecedented surge in credential stuffing. by CyberWire Daily
32 min listen
Encore: Jack Rhysider: Get your experience points in everything. [Media] [Career Notes] by CyberWire Daily
8 min listen
Cerber ransomware strikes Linux. [Research Saturday] by CyberWire Daily
16 min listen
Kaiser Permanente's privacy predicament. by CyberWire Daily
29 min listen
Cyber Talent Insights: Strengthening the cyber talent pipeline apparatus. (Part 3 of 3) [Special Edition] by CyberWire Daily
55 min listen
The shadowy adversary in Cisco's crosshairs. by CyberWire Daily
30 min listen

Related podcast episodes

Skip carousel

With Software, Hope Is A Strategy with Jonathan Knudsen: Joining us this week is Jonathan Knudsen, Head of Global Research for the CyRC, cybersecurity research center, at Synopsys Inc. To understand the vulnerability landscape in software, you have to first understand how software is made. Jonathan shares... by To The Point - Cybersecurity
25 min listen
With Software, Hope Is A Strategy with Jonathan Knudsen Part 2: Joining us this week is Jonathan Knudsen, Head of Global Research for the CyRC, cybersecurity research center, at Synopsys Inc. To understand the vulnerability landscape in software, you have to first understand how software is made. Jonathan shares... by To The Point - Cybersecurity
24 min listen
Key Findings From The Newly Released BSIMM11 Report - Mike Ware - PSW #667: BSIMM11, the latest version of the Building Security In Maturity Model (BSIMM), was created to help organizations plan, execute, measure, and improve their Application Security program/initiatives. BSIMM11 reflects the software security practices... by Security Weekly Podcast Network (Video)
49 min listen
Highlights From the New Open Source Security and Risk Analysis Report - Tim Mackey - ASW #108: The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of... by Security Weekly Podcast Network (Video)
1 min listen
Highlights From the New Open Source Security and Risk Analysis Report - Tim Mackey - ASW #108 by Application Security Weekly (Video)
1 min listen
Under Pressure - Building Security Into Application Development - Patrick Carey - ESW #196: A recent study by Enterprise Strategy Group, commissioned by Synopsys, revealed that nearly half of the cybersecurity and development professionals surveyed indicate that their organization knowingly pushes vulnerable code into production due to time... by Security Weekly Podcast Network (Video)
32 min listen
Under Pressure - Building Security Into Application Development - Patrick Carey - ESW #196: A recent study by Enterprise Strategy Group, commissioned by Synopsys, revealed that nearly half of the cybersecurity and development professionals surveyed indicate that their organization knowingly pushes vulnerable code into production due to time... by Enterprise Security Weekly (Video)
32 min listen
AppSec Orchestration/Correlation & DevSecOps Efficiency - Anita D'Amico, Patrick Carey - ASW #167: In its 2019 Hype Cycle for Application Security report, Gartner revealed a new, “high-priority” category called Application Security Orchestration and Correlation (ASOC). ASOC delivers three primary benefits to the AppSec process within... by Security Weekly Podcast Network (Video)
38 min listen
AppSec Orchestration/Correlation & DevSecOps Efficiency - Anita D'Amico, Patrick Carey - ASW #167: In its 2019 Hype Cycle for Application Security report, Gartner revealed a new, “high-priority” category called Application Security Orchestration and Correlation (ASOC). ASOC delivers three primary benefits to the AppSec process within... by Application Security Weekly (Video)
38 min listen
ESW #312 - Tom Kellermann, Donald Fischer: Kellermann will discuss the recently published report “Cyber Bank Heist” that exposes the cybersecurity threats facing the financial sector. Security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks... by Security Weekly Podcast Network (Audio)
157 min listen
052 7 of the Top 10 Vulnerabilities Target Microsoft: 052 7 of the Top 10 Vulnerabilities Target Microsoft by Inside Security Intelligence
21 min listen
Day Zero: Moshe Zioni, VP of security research at Apiiro has been researching security for over 20 years in multiple industries. In this episode of Cybersecurity Unplugged, Zioni discusses the downstream dependencies on other open source programs that are... by Cybersecurity Unplugged
36 min listen
Development Decisions Affect The Security Of Any Application - Tim Mackey - ASW #86: Tim Mackey is the Principal Security Strategist at Synopsys. Measuring the risk of those decisions isn't something contained within a single tool, but instead requires a set of perspectives on how a "bad decision" can manifest itself in the security... by Security Weekly Podcast Network (Video)
33 min listen
Development Decisions Affect The Security Of Any Application - Tim Mackey - ASW #86: Tim Mackey is the Principal Security Strategist at Synopsys. Measuring the risk of those decisions isn't something contained within a single tool, but instead requires a set of perspectives on how a "bad decision" can manifest itself in the security... by Application Security Weekly (Video)
33 min listen
Software Trust & Adversaries, Developer-Focused Security - Shannon Lietz, Melinda Marks - ASW #246: Infosec is still figuring out useful metrics, how to talk about risk, and how to make resilience more relevant. Shannon talks about a new community effort to measure software trust. She also covers threat modeling and adversary management as steps... by Security Weekly Podcast Network (Audio)
77 min listen
Love Your Energy - ESW #223: This week, In the first segment, Ryan Noon from Material Security join us for a discussion on Zero Trust! Next up, John Loucaides joins for an interview on firmware attacks, and what enterprises need to do! In the Enterprise Security News:Cyble raises... by Security Weekly Podcast Network (Audio)
97 min listen
ASW #241 - Asaf Ashkenazi, Chris Eng, Jeff Martin: What happens to an app's security after six months? What about a year or two years? A Secure SDLC needs to maintain security throughout an app's lifetime, but too often the rate of new flaws can outpace the rate of new code within an app. Appsec teams... by Security Weekly Podcast Network (Audio)
68 min listen
The Evolving Phishing Threat & Protect Valuable Data as Workforce Volatility Rages - ESW #277: Phishing attacks are increasingly focused on new vectors such as social media, business collaboration apps, and text messages. These vectors generally lack any protection for the end user. How can we protect against these attacks that are increasingly... by Security Weekly Podcast Network (Video)
33 min listen
The Evolving Phishing Threat & Protect Valuable Data as Workforce Volatility Rages - ESW #277: Phishing attacks are increasingly focused on new vectors such as social media, business collaboration apps, and text messages. These vectors generally lack any protection for the end user. How can we protect against these attacks that are increasingly... by Enterprise Security Weekly (Video)
33 min listen
AI Risks, Application Performance - Padraic O'Reilly, Shibu George - BSW #339: Released on January 26, 2023, the NIST AI RMF Framework was developed through a consensus-driven, open, transparent, and collaborative process that included a Request for Information, several draft versions for public comments, multiple workshops, and... by Security Weekly Podcast Network (Audio)
66 min listen
Optimizing Security Investment: Sophos' Vision for MDR Excellence - Andrew Mundell - ESW #321: Explore the rapidly-evolving landscape of Managed Detection and Response (MDR) with insights from Sophos, a pioneering MDR provider. Understand how businesses can gain superior security outcomes and better value from their investments by integrating... by Enterprise Security Weekly (Video)
39 min listen
Optimizing Security Investment: Sophos' Vision for MDR Excellence - Andrew Mundell - ESW #321: Explore the rapidly-evolving landscape of Managed Detection and Response (MDR) with insights from Sophos, a pioneering MDR provider. Understand how businesses can gain superior security outcomes and better value from their investments by integrating... by Security Weekly Podcast Network (Video)
39 min listen
Getting and Staying Cyber Ready with Smarter, Simpler Security and MDR - ESW #316 by Security Weekly Podcast Network (Video)
36 min listen
Starting with Appsec -- Is It More of a Position or a Process? - ASW #264: This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need... by Security Weekly Podcast Network (Audio)
74 min listen
Getting and Staying Cyber Ready with Smarter, Simpler Security and MDR - ESW #316 by Enterprise Security Weekly (Video)
36 min listen
PSW #770 - Brian Behlendorf: This week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure... by Security Weekly Podcast Network (Audio)
168 min listen
Managing Threats, Reduce your Attack Surface, MDR Evolved - Antonio Sanchez, Randy Watkins, Richard Yew - ESW #328: The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints... by Enterprise Security Weekly (Video)
36 min listen
Managing Threats, Reduce your Attack Surface, MDR Evolved - Antonio Sanchez, Randy Watkins, Richard Yew - ESW #328: The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints... by Security Weekly Podcast Network (Video)
36 min listen
Staying Ahead of Hackers: Protecting Mobile Apps & Detecting Malicious Packages - Asaf Ashkenazi, Jeff Martin - ASW #241: Learn how hackers are exploiting the trust that mobile app owners place in their customers. Hackers are increasingly modifying app code, posing as trusted customers, and infiltrating IT infrastructure. This segment is sponsored by Verimatrix. Visit... by Application Security Weekly (Video)
27 min listen
Staying Ahead of Hackers: Protecting Mobile Apps & Detecting Malicious Packages - Asaf Ashkenazi, Jeff Martin - ASW #241: Learn how hackers are exploiting the trust that mobile app owners place in their customers. Hackers are increasingly modifying app code, posing as trusted customers, and infiltrating IT infrastructure. This segment is sponsored by Verimatrix. Visit... by Security Weekly Podcast Network (Video)
27 min listen

Discover this podcast and so much more

Giving everyone a stake in the success of Open Source implementation. [Research Saturday]

Giving everyone a stake in the success of Open Source implementation. [Research Saturday]

Description

More Episodes from CyberWire Daily

Related podcast episodes