Breakfast Briefing: Security at the Speed of Development

Wednesday, April 30, 2014

8:30am – Noon – Breakfast Briefing
Noon – 1:00pm – Sonatype User Group Lunch

Marquee Events, 960 Main Street, Hartford, CT

Are your security and risk management practices prepared to scale with your development practices?

With the move towards agile development and continuous delivery comes a dramatic increase in the use of third-party and open source components to fuel innovation and speed development. In fact, Gartner predicts that by 2015 ninety-nine percent of mission-critical applications in Global 2000 companies will use open source components.

As a result, organizations have to rethink their security and risk management strategies to account for these new complexities. Whether you are responsible for Application Development, Application Security or Risk Management, this breakfast briefing will open your eyes to new approaches.

Register today for this complimentary breakfast briefing to learn, network and get your questions answered.

SONATYPE CUSTOMERS – Don't miss the Inaugural User Group Luncheon for roadmap updates on Nexus and CLM from 12:00 - 1:00.

AGENDA

8:30 – 9:30 am Networking Breakfast  
9:30 – 10:00 am Securing the New Software Supply Chain

Today software runs the things that run our world. Just like automobile manufacturers, software "manufacturers" need to apply supply chain management principles for both efficiency and quality. They need to be prepared to conduct a rapid and comprehensive "recall" when a defect is found. And they need to be able to ensure they are using quality "parts" from the start.

Today's modern development practices, agile and component-based development, make this challenging to say the least. In this session, Josh will discuss strategies and best practices to unite your security and development practices in a way that is:
  • Easy for developers and effective throughout the entire software lifecycle
  • Highly accurate and produces evidence that it is working
  • Continuous, addressing ongoing threats in real time and ensuring sustained trust

Josh Corman
CTO
Sonatype
10:00 – 10:15 Break  
10:15 – 11:00 On the Road to Security at the Speed of Development

We are excited to have Curtis Yanko, Architectural Manager at Cigna, joining us to share his first-hand experiences managing the risks associated with use of open source and third-party components in applications in the context of a broader DevOps strategy.
Curtis Yanko
Architectural Manager
Cigna
11:00 – 11:45 Got Vulnerabilities? You Need Visibility

Let's face it, web application security is a complex task, and understanding the risk to your web and mobile environments is absolutely critical. Developers and information security professionals constantly struggle to properly assess their applications for vulnerabilities, as well as to gain visibility into the open source components being used to add key functionality. This lack of visibility presents several risk factors for the organization – both technical and legal.

During this presentation, we will discuss the Fortify on Demand assessment process and how our integration with Sonatype delivers a new level and depth of visibility into our customers' critical software applications.

Michael Farnum
Practice Principal
HP Fortify on Demand
11:45 – Noon Open Discussion  
Noon – 1:00 pm Sonatype CLM and Nexus Pro User Group Luncheon
Brian Fox, VP of Product Development at Sonatype

Join us for this special user group luncheon to meet other Sonatype customers and be the first to hear the future product strategy and see the roadmap for Nexus Pro, Nexus Pro CLM Edition and Sonatype Component Lifecycle Management (CLM) to support your ongoing requirements.

Brian Fox
VP of Product Development
Sonatype