Open Source and the New Software Supply Chain. Mark Tolliver, CEO Palamida Inc.
1 Open Source and the New Software Supply Chain Mark Tolliver, CEO Palamida Inc.
2
3 Could You Sign This?
4 Typical Software Project Metrics
- Size: 2.9 GB
- Files: 87,863
- LOC: 8,535,345
- Copyright holders: ~350
- Archives: 178
- Binaries: 801
- JARs: 228
Where Did We Get These Components?
5 Open Source Now Makes Up Over 50% of Most Software Projects
Audit Example
- Size: 15.9GB, 59.1M LOC
- Documented OS components
- Undocumented OS components
- Total #: 838
- % LOC from Open Source: 60-65%
Result of an audit engagement performed by Palamida
6 Open Source Now Makes Up Over 50% of Most Software Projects
Audit Example
- Size: 15.9GB, 59.1M LOC
- Documented OS components
- Undocumented OS components
- Total #: 838
- % from Open Source: 60-65%
Result of an audit engagement performed by Palamida
7 Licenses Found by Type
[Chart: Audit Breakdown by License, vertical axis TOTAL %]
Source: 2010 Year to Date Audit Engagements Performed by Palamida Professional Services
8 How Did This Happen?
- Content predates existing processes and systems, i.e. limited or no formal record
- Acquired code: incomplete diligence at acquisition time
- Envelope problem: subcomponents of top-level OSS components are not visible and therefore not subject to review
9 Managing Software Content Has Become an Essential Part of Software Development
Opportunities
- Reduced development costs
- Reduced development times
- Improved time-to-market
Challenges
- Reduce Intellectual Property and Security Risks
- Comply with requirements from customers and government regulations
10 Opportunity: The Business Value of Open Source
- Development time and cost: 100,000 lines of code = $1.9M (20 lines/day, 222 days/year, $85k/year)
- Support expense: leverage community support vs. complete in-house strategy. Per incident example: 2 day resolution vs 5 = 60% reduction
- Tools: source code control system, build system, bug tracking etc.
11 Today a Palamida customer
- Expects to manage over 10,000 updates per year from external software suppliers
- Will require a certification of software content from these external suppliers as part of their supplier contracts
- Will audit all suppliers multiple times per year
- Will require their product VPs to certify the content and compliance of their software
12 So What's a Software Bill of Materials?
13 Software Bill of Materials #1 - It's a critical quality tool to ensure that software components meet quality standards
[Figure: Boeing 787 Supplier Chart]
14 Software BOM (Bill of Materials) Component Location License Assigned Issues Vulnerabilities Encryption Status
15 Software Bill of Materials #2 - It's a way to meet your obligations to the owners of the intellectual property you use and avoid a claim of copyright infringement
[Screenshot: Settings > General > About > Legal]
16 Third Party Notices File (Example)

Component Name: foo
Version:
Description: <description text>
NOTICES
Copyright copyright owner
License Text: <text of license>

Component Name: bar
Version: 4.0
Description: <description text>
NOTICES
Copyright copyright owner
License Text: <text of license>
17 Obligations
- End User License Agreement (EULA): capture all licenses in the software product and deliver them with each customer shipment (license.txt or other file)
- Display in the about box: determine which licenses require additional attribution and be sure that the about box content is updated (Third Party Notices)
- Display in the documentation
- Offer to provide a copy of the code used: add source code to a distribution site if available
- Commercial Terms: royalties etc.
18 Offer To Provide a Copy KDL-40W5100, KDL-40W5600, KDL-40XBR9, KDL-40Z5100, KDL-40Z5600, KDL-46W5100, KDL-46W5150, KDL-46W5600, KDL-46XBR9, KDL-46Z5100, KDL-46Z5600, KDL-52W5100, KDL-52W5150, KDL-52W5600, KDL-52XBR9, KDL-52Z5100, KDL-52Z5600, KDL-65W5100, KDL-46XBR10, KDL-52XBR10 GPL LGPL Other kernel _gtx.tgz (40 MB) busybox-1.00.tgz (1.5 MB) pump tgz (55 KB) popt.tgz (562 KB) dosfstools-2.11.tgz (122 KB) sfdisk-2.14.tgz (4 MB) glibc src.rpm (12.5 MB) glibc src.rpm (12 MB) mipsel-gcc src.rpm (27 MB) mipsel-uclibc src.rpm (5 MB) freetype tgz (1.5 MB)
19 Next Question: What's our policy?
20 Policy Questions
- What is the name and version of this software component?
- What is the license?
- Where did we get it?
- Is this component in a software product that ships to customers?
- Does this component contain encryption?
- Have we modified this component?
- When was the last time we checked this software?
- Does this component contain known vulnerabilities?
- Have we added this component to the notices file?
21 IP Policy Policy for Apache 2.0 License: Global, Approve, Any Component, Last Update Detailed Policy Example: Modified? Type of redistribution?
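The notices-file layout from slide 16 and the policy questions from slide 20, combined into one release check. This is an added example, not part of the original slides or of any Palamida product; the field names, the policy table, the sample components and the `EXAMPLE-VULN-1` identifier are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed license policy: license identifier -> decision.
LICENSE_POLICY = {"Apache-2.0": "approve", "MIT": "approve", "GPL-2.0": "review"}


@dataclass
class Component:
    """One BOM row; each field answers one of the policy questions."""
    name: str
    version: str
    description: str
    license: Optional[str]          # None: license not yet identified
    origin: Optional[str]           # None: "where did we get it?" is unanswered
    copyright_owner: str
    license_text: str
    ships_to_customers: bool
    modified: bool = False
    known_vulnerabilities: List[str] = field(default_factory=list)


def policy_findings(bom):
    """Return (component name, issue) pairs for every component that ships."""
    findings = []
    for c in bom:
        if not c.ships_to_customers:
            continue  # this example only checks what is distributed
        if c.license is None:
            findings.append((c.name, "license unknown"))
        else:
            decision = LICENSE_POLICY.get(c.license, "no policy")
            if decision != "approve":
                findings.append((c.name, f"license {c.license}: {decision}"))
        if c.origin is None:
            findings.append((c.name, "origin unknown"))
        for vuln in c.known_vulnerabilities:
            findings.append((c.name, f"known vulnerability {vuln}"))
    return findings


def render_notices(bom):
    """Render the notices file for shipped components with an identified license.

    Components with an unknown license cannot be rendered; they surface in
    policy_findings() instead, so they are never silently dropped.
    """
    blocks = []
    for c in sorted(bom, key=lambda c: c.name.lower()):
        if not c.ships_to_customers or c.license is None:
            continue
        blocks.append("\n".join([
            f"Component Name: {c.name}",
            f"Version: {c.version}",
            f"Description: {c.description}",
            "NOTICES",
            f"Copyright {c.copyright_owner}",
            f"License Text: {c.license_text}",
        ]))
    return "\n\n".join(blocks) + "\n"


def release_ready(bom):
    """Sign-off gate: a release is ready only when no finding is open."""
    return not policy_findings(bom)


# Constructed sample BOM (names follow the foo/bar placeholders on slide 16).
SAMPLE_BOM = [
    Component("foo", "1.2", "logging helper", "Apache-2.0", "upstream release archive",
              "Example Owner A", "<text of Apache-2.0>", ships_to_customers=True),
    Component("bar", "4.0", "compression library", "GPL-2.0", "vendor drop",
              "Example Owner B", "<text of GPL-2.0>", ships_to_customers=True,
              modified=True),
    Component("baz", "0.9", "copied parser source", None, None,
              "unknown", "", ships_to_customers=True,
              known_vulnerabilities=["EXAMPLE-VULN-1"]),
    Component("buildtool", "3.1", "internal build helper", None, "internal",
              "our company", "", ships_to_customers=False),
]

if __name__ == "__main__":
    for name, issue in policy_findings(SAMPLE_BOM):
        print(f"{name}: {issue}")
    print(render_notices(SAMPLE_BOM))
```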
22 You Need to Pay Attention
- It's still cheaper and faster to download a million lines of code than to write it
- You will have to disclose at some point
- The wrong time to think about it is when time is short
- Black boxes are no longer black
23 Challenges: Intellectual Property GPL scores historic court compliance victory By Gavin Clarke in San Francisco Posted in Software, 4th August :55 GMT Open sourcers have scored a major victory in a US court over violation of the GPL. The Software Freedom Conservancy has secured $90,000 in damages for willful infringement of GPLv2, plus nearly $50,000 in costs from Westinghouse Digital Electronics over its illegal distribution of the Unix utility BusyBox. The company has also been ordered to stop shipping product loaded with BusyBox.
24 September 25, 2010 The Defenders of Free Software Herman Wouters for The New York Times Armijn Hemel of the Netherlands is part of a movement that wants to make sure that big companies adhere to the rules of open-source software. By ASHLEE VANCE Published: September 25,
25 The Mobile Battlefield Source: The Guardian and New York Times
26 Challenges: Security Android faces critical security study By Joseph Menn in San Francisco Published: October :29 Last updated: October :29 Source: Financial Times FT.com October 31,
27 A Search Engine for Software Your Code Base Palamida Compliance Library Inventory of Software Content Vulnerability Status Reports IP Compliance Reports
28 Code Scanning Scans Binaries / Images / Source / etc.. Schedule Scans (queue) schedule scans (api) Incremental scans Scale Out multiple servers for parallel scans
29 Code Analysis Dual Pane Side-by-Side Comparison of your code with matched library code Tag and Filter System and user-defined tags Example: Has copyright holder = <our company name> and has SCF: Why are we copyrighting third party code?
30 Manage Policy Allowed/Rejected Licenses Products Usage Conditions of use Sign-off
31 Manage Developer Requests Workflow Fully Configurable Quick Review Remediation
32 Report Everything Forensic Data Project Data License Obligations Cross Project Reports Security Issues Version specific Potential Audit Reports Prioritized EULA Copyrights
33 Identify 3rd Party Security Issues
- Vulnerabilities in OSS
- Automated Discovery
- Association with NVD/CVE
- Warning Alerts
- Updates
34 Managing Your Software Supply Chain: What's Next?
35 The world expects an accurate software BOM*
- Your customers will require this and you should require it from your software suppliers (your software supply chain)
- You can't claim to build quality software if you don't know what is in your code and where it came from
- The open source communities expect you to respect their IP, and they are watching
*Bill of Materials
36 It's not just open source
- Although there will be more and more open source choices
- Commercial code has important restrictions that you need to observe as well
- Reuse of internal code will become a measure of development team productivity
37 Other types of code analysis (security, quality, performance) will ultimately be tied into this BOM view
- A framework for enterprise application security
- More and more automated
- More and more visual
38 Best Practices
- A centralized model is the best way to start. It allows organizations to develop expertise quickly.
- Audit external code before it enters the codebase (M&A, outsourced work etc.)
- Build rules as you go. They will make repeat audits faster and more automated.
- The first pass audit on any codebase is a large task - consider using outside experts
- Hold development managers responsible by signing off on code BOM before release
39 Open Source and the New Software Supply Chain Mark Tolliver, CEO Palamida Inc.
40 Using Outside Experts
- Phase 1: Kickoff and Scoping. 1-5 days (depending on target readiness)
- Phase 2: OSS/Third Party Audit. 1-n days, depending on size of materials and depth of analysis (weekly progress reports)
- Phase 3: Report & Review. 1-2 hours
41 Using Open Source Best Practices
- A centralized model is the best way to start. It allows organizations to develop expertise quickly.
- The first pass audit on any codebase is a large task - consider using outside experts
- Build rules as you go. They will make the next audit much easier.
- Audit new external code before it enters the codebase (M&A, outsourced work etc.)
- Hold development managers responsible by signing off on code BOM before release
white paper Applying ITIL v3 Best Practices to improve IT processes Rocket bluezone.rocketsoftware.com Applying ITIL v. 3 Best Practices to Improve IT Processes A White Paper by Rocket Software Version
More information2011 NASCIO Nomination Business Improvement and Paperless Architecture Initiative. Improving State Operations: Kentucky
2011 NASCIO Nomination Business Improvement and Paperless Architecture Initiative Improving State Operations: Kentucky Kevin Moore 6/1/2011 Executive Summary: Accounts Payable was a time consuming, inefficient
More informationOPEN SOURCE SECURITY
OPEN SOURCE SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationIBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Protecting your business value from
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationDynamic Service Desk. Unified IT Management. Solution Overview
I T S E R V I C E + I T A S S E T M A N A G E M E N T INFRASTRUCTURE MANAGEMENT Dynamic Service Desk Unified IT Management Achieving business and IT alignment requires having insight into hardware and
More informationServices Providers. Ivan Soto
SOP s for Managing Application Services Providers Ivan Soto Learning Objectives At the end of this session we will have covered: Types of Managed Services Outsourcing process Quality expectations for Managed
More informationMinimizing code defects to improve software quality and lower development costs.
Development solutions White paper October 2008 Minimizing code defects to improve software quality and lower development costs. IBM Rational Software Analyzer and IBM Rational PurifyPlus software Kari
More informationMassTransit vs. FTP Comparison
MassTransit vs. Comparison If you think is an optimal solution for delivering digital files and assets important to the strategic business process, think again. is designed to be a simple utility for remote
More informationPolicy Driven Continuous Software Intellectual Property Management
Policy Driven Continuous Software Intellectual Property Management DETECT LOG IDENTIFY REPORT Session # 227 Tuesday 13:30 Room 207 Richard Mayer Protecode Inc. mayer@protecode.com Come see us at Pedestal
More informationIssues in Software Licensing, Acquisition and
Issues in Software Licensing, Acquisition and Development July 18, 2013 David Jennings Context For Our Purposes; What s a license? Fundamentally, it is a permission to do something(s). A license conveys
More informationInformation & Asset Protection with SIEM and DLP
Information & Asset Protection with SIEM and DLP Keeping the Good Stuff in and the Bad Stuff Out Professional Services: Doug Crich Practice Leader Infrastructure Protection Solutions What s driving the
More informationTodd Heythaler Information Governance & ediscovery. Emerging Technologies Work Group
Todd Heythaler Information Governance & ediscovery Trends & Landscapes State & Local Government Challenges Approach to ediscovery & FOIL requests Getting Started Trends & Landscape Requests for Information
More informationBusiness Case Outsourcing Information Security: The Benefits of a Managed Security Service
Business Case Outsourcing Information Security: The Benefits of a Managed Security Service seccuris.com (866) 644-8442 Contents Introduction... 3 Full- Time Experts vs. a Part- Time In- House Staff...
More information