Driving Quality, Security and Compliance in Third- Party Code


1 Driving Quality, Security and Compliance in Third-Party Code
Dave Gruber, Director of Product Marketing, Black Duck
Keri Sprinkle, Sr Product Marketing Manager, Coverity
Jon Jarboe, Sr Technical Marketing Manager, Coverity

2 Software is at the heart of disruptive business models
Copyright Coverity, Inc. and Black Duck, 2013

3 The Global State of Open Source
"Software is Eating the World" - Marc Andreessen
And Open Source is Driving the Software World
Open Source Projects: 1M projects, 100B LoC, 10M person-years
Source: Black Duck Software

4 81% of business leaders believe that technology is a fundamental element of their business model
Over 60 million tablets and 175 million smartphones will be in the workplace by the end of 2012
By 2016, open source software will be included in mission-critical applications within 99% of Global 2000 enterprises

5 Software today is Multi-Source
Sources feeding Your Software Application: OSS Communities, Internally Developed Code, Outsourced Code Development, Commercial 3rd-Party Code
Surrounding it: The Enterprise (tools, processes)
"Global 2000 organizations increasingly leverage code from a vast array of sources including internally built, open source, outsourced, commercially built, and customized applications." - Melinda Ballou, IDC

6 3rd-Party Code Software Supply Chain
Sources: Outsourcing, Commercial 3rd-party, OEM, Open Source
Multi-tier Supply Chain: 3rd Tier Supplier -> 2nd Tier Supplier -> 1st Tier Supplier

7 Defect/Issue Types
Code Quality Defects

8 Defects, Quality and Cost
[Chart] Quality issues: 85%. Series: Quality costs, Found, Introduced. Stages: Coding, Unit test, Function test, Field test, Post release.
Source: Capers Jones, Applied Software Measurement: Assuring Productivity and Quality

9 But what about supply chain?
Near-finished SW arrives at your doorstep
Cycles are costly and time-consuming: discovering issues at this point requires a cycle back to one or more suppliers
[Diagram] Supply Chain -> Supply Chain -> Supply Chain

10 60 million lines of code written by developers every day
$60 billion annual U.S. cost due to poor software quality
80% of software development budget spent fixing software defects

11 Development Testing: Build Better Software Faster
Analyze: accurately detect issues difficult to find through traditional testing
Remediate: quickly and efficiently manage issues to resolution
Govern: enforce a consistent standard for quality, security, licensing and testing

12 Coverity is the leader
Company and Technology Innovation: founded in 2003 at Stanford Computer Science Laboratory; 300 employees across 13 offices and 10 countries worldwide; 16 patents and 4 pending for platform and analysis algorithms
Customer and Market Leadership: over 1,100 world-class customers; over 5 billion lines of code under management; #1 in Software Quality Analysis market (IDC); #1 in Automated Test and Verification market (VDC); transformational company in testing market (voke); best software development solution

13 Authoritative source on OSS quality
Coverity Scan: free cloud-based service for open source. ,000 leading open source projects. Defects fixed by community.
"The bottom line is that Coverity has an excellent product, and if you run or contribute to an open source project written in C/C++ you should be using Coverity Scan. It will likely find bugs that can certainly have security implications in your code." - Michael Rash, Security Researcher

14 Development Testing: Transform software testing from reactive to proactive
Fewer defects escape dev
[Chart] Design -> Development -> Quality Assurance -> Product Release & Management; cost multipliers by stage: 5x cost, 10x cost, 30x cost
Copyright Coverity, Inc., 2013

15 Coverity Development Testing Platform
[Architecture diagram] Analyze / Remediate / Govern
Analysis Packs: Quality Advisor, Security Advisor, Test Advisor, Architecture Analysis, Dynamic Analysis; Third Party Analysis Integrations; Analysis Integration Toolkit
Engine: Coverity SAVE (Static Analysis Verification Engine), applied to Proprietary Code and Open Source Code
Coverity Connect: Policy Manager, Metrics
SDLC Integrations: IDE, Code Coverage, Test Execution, Build/Continuous Integration, Defect Tracking, SCM, ALM

16 The industry's first developer-friendly software testing platform
Integration into development workflow: IDE, defect tracking, SCM, build/CI, ALM
Analysis Accuracy: proven false positive rate of less than 10% on codebases over 1M lines of code
Remediation Guidance: show path to defect and fix guidance in context of developer's code; patent-pending security remediation engine
Performance and Scale: proven scale on codebases up to 100M; analysis runs in minutes to hours vs. days to weeks
"Coverity enables developers to produce secure code and gives developers a more positive attitude about addressing security, which ultimately leads to fixing defects." - Gerold Hubner, Chief Product Security Officer at SAP

17 Automate testing within the inner loop of development
[Workflow diagram] Developer writes code and creates unit tests -> Centralized Source Control -> Build System analyzes code (interprocedural quality and security defects) -> New issues found are prioritized and assigned to the appropriate developer -> Developer fixes critical issues; new tests required because of change impact -> Prioritized issues reported back to Management

18 Build a stage gate across the SDLC
Phases: Planning, Requirements, Analysis and Design, Development, Quality Assurance, Deployment, Security Audit
Gate criteria: No Uninspected; No New Quality Defects or Security Defects; No Critical Security or Quality Defects; All Critical Code Tested
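The gate criteria on this slide can be made mechanical so that a build fails instead of a reviewer having to notice. The Python below is an added example, not Coverity's or Black Duck's code: it compares a baseline analysis run with the current one to find newly introduced defects, checks for critical-severity findings, and checks that every file tagged as critical code has a test covering it. The Finding fields, checker names, file names and the fingerprint rule are constructed for the example; the slide's truncated "No Uninspected" criterion is not modelled.

```python
"""Added example (not the page's code): a build-time stage gate over static
analysis results, implementing the criteria named on the slide."""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Finding:
    """One analysis result. Field names and values are constructed for this
    example; they are not a real tool's output format."""
    checker: str    # analysis rule that fired
    kind: str       # "quality" or "security"
    severity: str   # "low", "medium", "high" or "critical"
    file: str
    function: str

    def fingerprint(self) -> Tuple[str, str, str]:
        # Match a finding across builds by checker, file and function rather
        # than line number, so unrelated edits above it do not make a legacy
        # defect look newly introduced.
        return (self.checker, self.file, self.function)


def new_defects(baseline: Iterable[Finding], current: Iterable[Finding]) -> List[Finding]:
    """Findings present in the current run but absent from the baseline."""
    known = {f.fingerprint() for f in baseline}
    return [f for f in current if f.fingerprint() not in known]


def evaluate_gate(baseline: Iterable[Finding], current: Iterable[Finding],
                  critical_files: Set[str], tested_files: Set[str]) -> Tuple[bool, List[str]]:
    """Apply the slide's gate criteria. Returns (passed, reasons_for_failure)."""
    current = list(current)
    reasons: List[str] = []

    # No new quality defects or security defects.
    introduced = new_defects(baseline, current)
    if introduced:
        ids = ", ".join(f"{f.checker}@{f.file}:{f.function}" for f in introduced)
        reasons.append(f"{len(introduced)} new defect(s) introduced: {ids}")

    # No critical security or quality defects, whether new or legacy.
    critical = [f for f in current if f.severity == "critical"]
    if critical:
        reasons.append(f"{len(critical)} critical-severity defect(s) present")

    # All critical code tested.
    untested = sorted(set(critical_files) - set(tested_files))
    if untested:
        reasons.append("critical code without tests: " + ", ".join(untested))

    return (not reasons, reasons)


# Constructed sample data for the demo; nothing here is a real project's output.
BASELINE = [
    Finding("RESOURCE_LEAK", "quality", "medium", "src/io.c", "read_config"),
    Finding("TAINTED_SCALAR", "security", "high", "src/parse.c", "parse_len"),
]
CURRENT = [
    Finding("RESOURCE_LEAK", "quality", "medium", "src/io.c", "read_config"),   # legacy, unchanged
    Finding("BUFFER_SIZE", "security", "critical", "src/parse.c", "copy_name"),  # new and critical
]
CRITICAL_FILES = {"src/auth.c", "src/parse.c"}
TESTED_FILES = {"src/auth.c"}


if __name__ == "__main__":
    passed, why = evaluate_gate(BASELINE, CURRENT, CRITICAL_FILES, TESTED_FILES)
    print("GATE PASSED" if passed else "GATE FAILED")
    for reason in why:
        print(" -", reason)
```

Running the demo fails the gate for three reasons: one new defect, one critical-severity defect, and one critical file without tests. Matching on checker, file and function rather than line number is what keeps a legacy finding from being recounted as new after an unrelated edit; a real deployment would use the analysis tool's own stable issue identifiers where available.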

19 Gain executive-level visibility into risk
Across teams, projects and components

20 The Golden Rule for Proper Software Supply Chain Management
Treat the management of open source software as an integrated, cross-functional business process, and not simply as a development process.

21 Best Practices for Managing Open Source
Policy, Process, Technology
1. Adopt and enforce an open source and third-party code policy
2. Identify and track all external code that is used
3. Automate validation at the point of acquisition and development
4. Automate monitoring and tracking of open source components
5. Control the use of components and promote standardization
6. Use automation tools to produce complete Bills of Materials and reports for supply chain partners

22 License Management
License Policy: know what licenses apply to what use cases
Informed Choices: help developers have up-front insight into licenses and policy
Approvals: streamlined, automated approval process
Auditing: OSS still sneaks in, so auditing is required throughout the process

23 Visibility and Monitoring of Security Vulnerabilities
Are there known security vulnerabilities in components that I want to use?
Is anyone paying attention to vulnerability reports post-deployment?
Are version updates available that resolve security vulnerabilities?

24 Automating the Process
Application development cycle: Plan -> Code -> Build -> Test -> Release
Open source governance lifecycle: Acquire -> Approve -> Catalog -> Audit -> Monitor
Black Duck KnowledgeBase: Description, Version, Vulnerabilities, Cryptography, License, Maturity, Deep License Data

25 Starting Point
Baselining your codebase: Bill-of-Materials (open source components, licenses, versions)
Auditing all inbound SW from suppliers: BOMs, licenses and obligations
Cataloging OSS for fast access when issues/defects are reported
Using SPDX to communicate with your supply chain

26 Software Package Data Exchange (SPDX)
The SPDX Specification enables suppliers and consumers of software that contains open source code to provide a "bill of materials" that describes the open source licenses and components that are included. The specification defines a common file format to communicate this information.
Working group of FOSSBazaar (governance best practices group under the Linux Foundation)
Charter: create data exchange standards to enable license and component information sharing (metadata)
Participation from software, systems and tool vendors, consultants and foundations

27 Working with Suppliers
Setting expectations with suppliers at the beginning of your relationship: share your open source policy; require a Bill of Materials for all OSS used; require audit/scan results for quality, security and license
You must be able to audit their contributions: for code quality, for licenses, for security vulnerabilities
Automated tools are critical with supply-chain, inbound SW

28 No licenses means no permission
[Chart: share of projects with No Declared vs. Declared license] Non-GitHub: 7%, 93%. GitHub: 77%, 23%.
42% have Embedded Licenses. These embedded licenses contain specific obligations that govern the use of the overall project.
"The lack of a declared license for an open source project can cause an enterprise to steer clear of it, limiting the projects organizations can use. The ability to access embedded license information and obligations up-front during the code selection process opens a sizeable opportunity for enterprises and could have significant impact on their bottom line." - Mark Driver, Vice President and Research Director, Gartner
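Slides 23, 25, 26 and 28 all turn on the same artifact: a bill of materials in SPDX tag-value form that can be audited for components with no declared license, licenses outside policy, and known vulnerabilities with an update available. The Python below is an added example, not Black Duck's or the SPDX project's code: it writes a minimal SPDX 2.2 tag-value document from a constructed component inventory, parses it back, and audits the result. The component names, download URLs, advisory identifier and approved-license list are constructed for the example; the audit does an exact match on the license expression and does not parse AND/OR expressions.

```python
"""Added example (not Black Duck's or SPDX's code): emit an SPDX 2.x tag-value
bill of materials from a component inventory, read it back, and audit it
against a license policy and an advisory list."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Component:
    name: str
    version: str
    download: str
    license_declared: str  # SPDX license expression, or "NOASSERTION"


NO_LICENSE = {"NOASSERTION", "NONE"}  # SPDX values that grant no usable permission


def to_spdx_tag_value(doc_name: str, components: List[Component]) -> str:
    """Render a minimal SPDX 2.2 tag-value document with one Package per component."""
    lines = [
        "SPDXVersion: SPDX-2.2",
        "DataLicense: CC0-1.0",
        "SPDXID: SPDXRef-DOCUMENT",
        f"DocumentName: {doc_name}",
        # Placeholder namespace; a real document uses a unique URI you control.
        f"DocumentNamespace: https://example.invalid/spdx/{doc_name}",
        "Creator: Tool: bom-example",
        "Created: 2013-01-01T00:00:00Z",  # constructed timestamp
    ]
    for c in components:
        # SPDX identifiers allow only letters, digits, '.' and '-'.
        safe = re.sub(r"[^A-Za-z0-9.-]", "-", f"{c.name}-{c.version}")
        lines += [
            "",
            f"PackageName: {c.name}",
            f"SPDXID: SPDXRef-Package-{safe}",
            f"PackageVersion: {c.version}",
            f"PackageDownloadLocation: {c.download}",
            "FilesAnalyzed: false",
            f"PackageLicenseConcluded: {c.license_declared}",
            f"PackageLicenseDeclared: {c.license_declared}",
        ]
    return "\n".join(lines) + "\n"


def parse_spdx_tag_value(text: str) -> List[Dict[str, str]]:
    """Return one dict per Package. Handles single-line 'Tag: value' pairs only;
    SPDX <text>...</text> multi-line values are neither produced nor parsed here."""
    packages: List[Dict[str, str]] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag, sep, value = line.partition(":")  # split at the first ':' only; URLs keep theirs
        if not sep:
            continue
        tag, value = tag.strip(), value.strip()
        if tag == "PackageName":          # a new Package section starts here
            current = {"PackageName": value}
            packages.append(current)
        elif current is not None:         # document-level tags before the first package are skipped
            current[tag] = value
    return packages


def audit_bom(packages: List[Dict[str, str]], allowed_licenses: Set[str],
              advisories: Dict[Tuple[str, str], Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Flag packages with no declared license, a license outside policy, or a
    known vulnerability at the shipped version. Returns (package, message) pairs."""
    findings: List[Tuple[str, str]] = []
    for pkg in packages:
        name = pkg.get("PackageName", "?")
        version = pkg.get("PackageVersion", "")
        declared = pkg.get("PackageLicenseDeclared", "NOASSERTION")
        if declared in NO_LICENSE:
            findings.append((name, "no declared license: no permission to use until resolved"))
        elif declared not in allowed_licenses:   # exact match on the expression; no AND/OR parsing
            findings.append((name, f"license {declared} is not on the approved list"))
        hit = advisories.get((name, version))
        if hit:
            adv_id, fixed_in = hit
            findings.append((name, f"known vulnerability {adv_id}; update available: {fixed_in}"))
    return findings


# Constructed inventory, policy and advisory list for the demo.
SAMPLE_COMPONENTS = [
    Component("libfoo", "1.2.3", "https://example.invalid/libfoo-1.2.3.tar.gz", "MIT"),
    Component("barlib", "0.9", "https://example.invalid/barlib-0.9.zip", "NOASSERTION"),
    Component("bazlib", "2.0.1", "https://example.invalid/bazlib-2.0.1.tar.gz", "GPL-3.0-only"),
]
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}
SAMPLE_ADVISORIES = {("bazlib", "2.0.1"): ("EXAMPLE-ADVISORY-0001", "2.0.2")}  # placeholder id


def run_demo() -> List[Tuple[str, str]]:
    doc = to_spdx_tag_value("demo-product", SAMPLE_COMPONENTS)
    return audit_bom(parse_spdx_tag_value(doc), ALLOWED_LICENSES, SAMPLE_ADVISORIES)


if __name__ == "__main__":
    print(to_spdx_tag_value("demo-product", SAMPLE_COMPONENTS))
    for package, message in run_demo():
        print(f"{package}: {message}")
```

The round trip through the tag-value text matters more than it looks: the document a supplier hands over is the only thing the consumer can audit, so the checks run against the parsed BOM rather than against the in-memory inventory. A package whose license reads NOASSERTION is reported as a blocker in its own right, which is the point of slide 28.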

29 Strategic Use of Open Source
[Chart] 80%, 30%: Average*, Best in class
*Source: IDC 2012

30 Black Duck Coverity Integration Solution demo

31 Simplified Architecture: Combining Coverity and Black Duck
[Diagram] Coverity Analysis and Black Duck Analysis commit results to the Coverity Connect Unified Database (Issue Repository); Policy Manager sits on Coverity Connect; developers work from the IDE (Eclipse, Visual Studio, etc.)

32 Remediate Critical Quality Defects
Leveraging a robust issue management repository:
Prioritize and filter based on impact
CWE-compatible mapping and knowledge base
Automatically assign defects to owners
Identify the exact path to the defect
Automatically identify every occurrence of a defect across branches

33 Example Licensing Issue from Black Duck

34-39 Coverity Policy Manager (screenshot slides; slide 39 carries callouts 1 and 2)

40 (no text)

41 Development Testing Maturity Model
Axes: Integration into SDLC; Development Testing Adoption (both rising to High)
Level 1: Detection of critical quality and security defects as part of the SW build process. No new defects introduced.
Level 2: Identification of areas of risk caused by insufficient automated testing. Ensure critical code is prioritized and tested.
Level 3: Integration into the existing SDLC using a common workflow for all defects and test-effectiveness issues.
Level 4: Establish and enforce consistent source code quality and security policies. Establish source code acceptance criteria.
Level 5: All legacy defects eliminated; build fails if new defects are introduced. All critical code and code impacted by change is tested.

42 Black Duck and Coverity: Build Better Software Faster
Analyze: accurately detect issues difficult to find through traditional testing
Remediate: quickly and efficiently manage issues to resolution
Govern: enforce a consistent standard for quality, security, licensing and testing

43 Questions?


DESIGNED FOR YOUR INDUSTRY. SCALED TO YOUR BUSINESS. READY FOR YOUR FUTURE. SAP INDUSTRY BRIEFING FOR ELEVATOR, ESCALATOR AND MOVING SIDEWALK Photo courtesy of Schumacher Elevator Company DESIGNED FOR YOUR INDUSTRY. SCALED TO YOUR BUSINESS. READY FOR YOUR FUTURE. SAP INDUSTRY BRIEFING FOR ELEVATOR, ESCALATOR AND MOVING SIDEWALK MANUFACTURERS

More information

How Virtual Compilation Transforms Code Analysis

How Virtual Compilation Transforms Code Analysis How Virtual Compilation Transforms Code Analysis 2009 Checkmarx. All intellectual property rights in this publication are owned by Checkmarx Ltd. and are protected by United States copyright laws, other

More information

SOLUTION WHITE PAPER. 6 Advantages of a Cloud-Based IT Service Desk By Jeff Moloughney, Principal Solution Marketing Manager, BMC Software

SOLUTION WHITE PAPER. 6 Advantages of a Cloud-Based IT Service Desk By Jeff Moloughney, Principal Solution Marketing Manager, BMC Software SOLUTION WHITE PAPER 6 Advantages of a Cloud-Based IT Service Desk By Jeff Moloughney, Principal Solution Marketing Manager, BMC Software INTRODUCTION More than ever, information technology has become

More information

Leveraging Open Source for a Winning Enterprise Mobile Strategy

Leveraging Open Source for a Winning Enterprise Mobile Strategy Leveraging Open Source for a Winning Enterprise Mobile Strategy Speakers Peter Vescuso EVP of Marketing & Business Development Black Duck Software @black_duck_sw Bryan House VP of Marketing Acquia @bryanhouse

More information

Legal Issues for FOSS-based Supply Chain Management. Herve Guyomard, Black Duck Software

Legal Issues for FOSS-based Supply Chain Management. Herve Guyomard, Black Duck Software Legal Issues for FOSS-based Supply Chain Management Herve Guyomard, Black Duck Software Agenda Legal Case in Supply Chain Open Source in Mobile Mobile devices Supply Chain Management Summary Copyright

More information

Software Code Quality Checking (SCQC) No Clearance for This Secret: Information Assurance is MORE Than Security

Software Code Quality Checking (SCQC) No Clearance for This Secret: Information Assurance is MORE Than Security Software Code Quality Checking (SCQC) No Clearance for This Secret: Information Assurance is MORE Than Security Nominee International Security Executives (ISE ) Information Security Project of the Year

More information

Minimizing code defects to improve software quality and lower development costs.

Minimizing code defects to improve software quality and lower development costs. Development solutions White paper October 2008 Minimizing code defects to improve software quality and lower development costs. IBM Rational Software Analyzer and IBM Rational PurifyPlus software Kari

More information

Coverity White Paper. Effective Management of Static Analysis Vulnerabilities and Defects

Coverity White Paper. Effective Management of Static Analysis Vulnerabilities and Defects Effective Management of Static Analysis Vulnerabilities and Defects Introduction According to a recent industry study, companies are increasingly expanding their development testing efforts to lower their

More information

HP Fortify Software Security Center

HP Fortify Software Security Center HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)

More information

The Worksoft Suite. Automated Business Process Discovery & Validation ENSURING THE SUCCESS OF DIGITAL BUSINESS. Worksoft Differentiators

The Worksoft Suite. Automated Business Process Discovery & Validation ENSURING THE SUCCESS OF DIGITAL BUSINESS. Worksoft Differentiators Automated Business Process Discovery & Validation The Worksoft Suite Worksoft Differentiators The industry s only platform for automated business process discovery & validation A track record of success,

More information

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud VALUE PROPOSITION FOR SERVICE PROVIDERS Helping Service Providers accelerate adoption of the cloud Partnership with Service Providers Enabling Your Cloud Services in Complex Environments Today s challenge

More information

White Paper. Automating Your Code Review: Moving to a SaaS Model for Application Security

White Paper. Automating Your Code Review: Moving to a SaaS Model for Application Security White Paper Automating Your Code Review: Moving to a SaaS Model for Application Security Contents Overview... 3 Executive Summary... 3 Code Review and Security Analysis Methods... 5 Source Code Review

More information

How to Ensure IT Compliance Without Compromising Innovation. Nik Teshima, IBM Phil Odence, Black Duck

How to Ensure IT Compliance Without Compromising Innovation. Nik Teshima, IBM Phil Odence, Black Duck How to Ensure IT Compliance Without Compromising Innovation Nik Teshima, IBM Phil Odence, Black Duck Black Duck 2013 Speakers Phil Odence VP of Business Development Black Duck Software Nik Teshima Senior

More information

Capgemini BizLender 360 An Integrated Straight Through Processing Solution for Business Lending Origination

Capgemini BizLender 360 An Integrated Straight Through Processing Solution for Business Lending Origination In Collaboration with SM Capgemini BizLender 360 An Integrated Straight Through Processing Solution for Business Lending Origination Using technology and expertise to boost efficiency, enhance decision

More information

RSA ARCHER AUDIT MANAGEMENT

RSA ARCHER AUDIT MANAGEMENT RSA ARCHER AUDIT MANAGEMENT Solution Overview INRODUCTION AT A GLANCE Align audit plans with your organization s risk profile and business objectives Manage audit planning, prioritization, staffing, procedures

More information

Total Protection for Compliance: Unified IT Policy Auditing

Total Protection for Compliance: Unified IT Policy Auditing Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.

More information

CA Service Desk Manager

CA Service Desk Manager PRODUCT BRIEF: CA SERVICE DESK MANAGER CA Service Desk Manager CA SERVICE DESK MANAGER IS A VERSATILE, COMPREHENSIVE IT SUPPORT SOLUTION THAT HELPS YOU BUILD SUPERIOR INCIDENT AND PROBLEM MANAGEMENT PROCESSES

More information

Four Steps to Faster, Better Application Dependency Mapping

Four Steps to Faster, Better Application Dependency Mapping THOUGHT LEADERSHIP WHITE PAPER Four Steps to Faster, Better Application Dependency Mapping Laying the Foundation for Effective Business Service Models By Adam Kerrison, Principal Product Developer, BMC

More information

Oracle Cloud: Enterprise Resource Planning

Oracle Cloud: Enterprise Resource Planning Oracle Cloud: Enterprise Resource Planning Rondy Ng Senior Vice President Applications Development Safe Harbor Statement "Safe Harbor" Statement: Statements in this presentation relating to Oracle's future

More information

FOSSBazaar A Governance Initiative to manage Free and Open Source Software life cycle

FOSSBazaar A Governance Initiative to manage Free and Open Source Software life cycle FOSSBazaar A Governance Initiative to manage Free and Open Source Software life cycle Table of contents Executive summary......2 What is FOSS Governance 3 The importance of open source governance...3 Why

More information

Business Case for Smart Care Software Product Portfolio

Business Case for Smart Care Software Product Portfolio Business Case for Smart Care Software Product Portfolio Contents Company Overview... 3 Growing Challenges with Mobile Device Support... 3 Solution... 4 Privacy and Security... 6 Financial Benefits... 7

More information

Be Fast, but be Secure a New Approach to Application Security July 23, 2015

Be Fast, but be Secure a New Approach to Application Security July 23, 2015 Be Fast, but be Secure a New Approach to Application Security July 23, 2015 Copyright 2015 Vivit Worldwide Copyright 2015 Vivit Worldwide Brought to you by Copyright 2015 Vivit Worldwide Hosted by Paul

More information

The Benefits of Utilizing a Repository Manager

The Benefits of Utilizing a Repository Manager Sonatype Nexus TM Professional Whitepaper The Benefits of Utilizing a Repository Manager An Introduction to Sonatype Nexus TM Professional SONATYPE www.sonatype.com sales@sonatype.com +1 301-684-8080 12501

More information

CA Repository for Distributed. Systems r2.3. Benefits. Overview. The CA Advantage

CA Repository for Distributed. Systems r2.3. Benefits. Overview. The CA Advantage PRODUCT BRIEF: CA REPOSITORY FOR DISTRIBUTED SYSTEMS r2.3 CA Repository for Distributed Systems r2.3 CA REPOSITORY FOR DISTRIBUTED SYSTEMS IS A POWERFUL METADATA MANAGEMENT TOOL THAT HELPS ORGANIZATIONS

More information

WHITE PAPER. Development Testing for Agile Enterprises Helping Teams Maximize Velocity

WHITE PAPER. Development Testing for Agile Enterprises Helping Teams Maximize Velocity Development Testing for Agile Enterprises Helping Teams Maximize Velocity The Need for Speed Companies in almost every industry use software to drive innovation and compete in today s marketplace. And

More information

Controlling Risk Through Software Code Governance

Controlling Risk Through Software Code Governance Controlling Risk Through Software Code Governance July 2011 Catastrophic Consequences Today s headlines are filled with stories about catastrophic software failures and security breaches; medical devices

More information

IT Legacy Migration from Proprietary to Open Source Software. Bill Weinberg, Black Duck Software Jay Lyman, 451 Research

IT Legacy Migration from Proprietary to Open Source Software. Bill Weinberg, Black Duck Software Jay Lyman, 451 Research IT Legacy Migration from Proprietary to Open Source Software Bill Weinberg, Black Duck Software Jay Lyman, 451 Research Black Duck 2013 Speakers Jay Lyman Senior Analyst 451 Research Bill Weinberg Senior

More information

ENJOYING OPEN SOURCE WITHOUT COMPROMISING BUSINESS. Dr. Ron Rymon Founder, White Source Software ron@whitesourcesoftware.com

ENJOYING OPEN SOURCE WITHOUT COMPROMISING BUSINESS. Dr. Ron Rymon Founder, White Source Software ron@whitesourcesoftware.com ENJOYING OPEN SOURCE WITHOUT COMPROMISING BUSINESS Dr. Ron Rymon Founder, White Source Software Background I am a software entrepreneur, not a legal expert My own experience with the dark side of open

More information

SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG. Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them?

SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG. Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them? SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT

More information

DOES OPEN MEAN VULNERABLE?

DOES OPEN MEAN VULNERABLE? DOES OPEN MEAN VULNERABLE? GENIVI All Members Meeting, Seoul Korea - October 2015 Bill Weinberg, Senior Director, Open Source Strategy Black Duck Software 2015 Black Duck Software, Inc. All Rights Reserved.

More information

Capgemini BizLender 360 SM An Integrated Straight Through Processing Solution for Business Lending Origination

Capgemini BizLender 360 SM An Integrated Straight Through Processing Solution for Business Lending Origination Capgemini BizLender 360 SM An Integrated Straight Through Processing Solution for Business Lending Origination Using technology and expertise to boost efficiency, enhance decision making, improve compliance,

More information

Achieving HR Transformation 2.0 the Role of Workforce Communications Technologies

Achieving HR Transformation 2.0 the Role of Workforce Communications Technologies Session Number # 148 Achieving HR Transformation 2.0 the Role of Workforce Communications Technologies DJ Chhabra, Enwisen Mike Lapetina, Unisys DJ Chhabra President, Enwisen 20+ years technology strategy

More information

IBM Tivoli Service Request Manager

IBM Tivoli Service Request Manager Deliver high-quality services while helping to control cost IBM Tivoli Service Request Manager Highlights Streamline incident and problem management processes for more rapid service restoration at an appropriate

More information

GSK Vaccines: Easing Compliance with SAP Process Control

GSK Vaccines: Easing Compliance with SAP Process Control 2014 SAP AG or an SAP affiliate company. All rights reserved. GSK Vaccines: Easing Compliance with SAP Process Control GlaxoSmithKline Vaccines Industry Life sciences pharmaceuticals Products and Services

More information

The Enterprise IT Cloud Company

The Enterprise IT Cloud Company Company Overview The Enterprise IT Cloud Company The modern enterprise relies on IT to deliver innovative business solutions and at the same time, ensure existing IT systems and services perform at the

More information

Enterprise Data Governance

Enterprise Data Governance DATA GOVERNANCE Enterprise Data Governance Strategies and Approaches for Implementing a Multi-Domain Data Governance Model Mark Allen Sr. Consultant, Enterprise Data Governance WellPoint, Inc. 1 Introduction:

More information

Open Source and the New Software Supply Chain. Mark Tolliver, CEO Palamida Inc.

Open Source and the New Software Supply Chain. Mark Tolliver, CEO Palamida Inc. Open Source and the New Software Supply Chain Mark Tolliver, CEO Palamida Inc. Could You Sign This? Typical Software Project Metrics 2.9 GB 87,863 Files 8,535,345 LOC Copyright holders ~350 Archives 178

More information

This article appeared in INNOVATION: The Convergence of Information Technology and Business, published by BMC Software.

This article appeared in INNOVATION: The Convergence of Information Technology and Business, published by BMC Software. Strategies for Effective Application Problem Management This article appeared in INNOVATION: The Convergence of Information Technology and Business, published by BMC Software. INNOVATION: THE CONVERGENCE

More information

Clarity Infrastructure Management helps network operators to plan and document the change to their networks

Clarity Infrastructure Management helps network operators to plan and document the change to their networks Clarity Infrastructure Management helps network operators to plan and document the change to their networks clarity.com 2 Clarity Simplifying Operations Cost effective and timely network rollouts or upgrades

More information

Product Lifecycle Sourcing enabled by Teamcenter s SRM solutions

Product Lifecycle Sourcing enabled by Teamcenter s SRM solutions Product Lifecycle Sourcing enabled by Teamcenter s SRM solutions White Paper In today s era of outsourcing, most companies find that the lack of coordination among suppliers, procurement and product development

More information