Software Bill of Materials for Auditing Security and Licensing Risks
December 3 @ 3:00 pm IST - 6:00 pm IST
Free – ₹1180
Software Composition Analysis (SCA) is used by developers to identify the dependencies or components of an application, which may have been built from Open Source and/or proprietary libraries. SCA is essentially a form of Application Security Testing (AST) that produces a Software Bill of Materials (SBOM) in order to surface the underlying licensing issues and/or security vulnerabilities in an application. Several open source SCA/AST tools are available on platforms like GitHub. As cloud adoption accelerated, many enterprise applications began integrating third-party web-based APIs to provide technical and business functionality. Unfortunately, Web APIs pose unique licensing and security risks that existing SCA/AST tools do not address. In this session, we’ll revisit SCA as a way to discover and manage API security and licensing risks. We’ll also share a checklist for conducting due diligence and walk through various licensing and security scenarios for producing accurate SBOMs for auditing purposes.
- Open Source and API Ecosystems
- Global and Enterprise View
- Security, Legal, Financial, Operational Risks
- Software Composition Analysis (SCA)
- Why and how SCA?
- Static/Dynamic Applications Testing (SAT/DAT)
- Building a Risk Management Program (I)
- API Discovery and Technical Due Diligence
- Shifting Left – SAT for API Discovery
- Building a Risk Management Program (II)
- Shifting Right – DAT for API Discovery
- Continuous API Monitoring and Assessment
- Conclusion and Q&A
Dr. Baljeet Malhotra is an award-winning researcher known for his work in Open Source and API Risk Management. He conceived the world’s first “API Composition Analysis” based on source code static analysis. He founded TeejLab in 2017 and steered the team to build API Discovery and Security™, world’s first comprehensive end-to-end API Risk Management platform. Prior to TeejLab, he established the R&D unit of Black Duck Software in 2016 (acquired by Synopsys). He also served as Research Director at SAP. He received a PhD in Computing Science from the University of Alberta and won several awards including NSERC (Canada) scholar and Global Young Scientist (Singapore). He concurrently holds Adjunct Professor positions at the University of British Columbia, University of Victoria and University of Northern BC.