BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//ISACA Chennai Chapter - ECPv4.9.4//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-WR-CALNAME:ISACA Chennai Chapter
X-ORIGINAL-URL:https://isaca-chennai.org
X-WR-CALDESC:Events for ISACA Chennai Chapter
BEGIN:VTIMEZONE
TZID:"Asia/Kolkata"
BEGIN:STANDARD
TZOFFSETFROM:+0530
TZOFFSETTO:+0530
TZNAME:IST
DTSTART:20220101T000000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID="Asia/Kolkata":20221203T150000
DTEND;TZID="Asia/Kolkata":20221203T180000
DTSTAMP:20260429T165640
CREATED:20221110T061114Z
LAST-MODIFIED:20221203T114925Z
UID:23415-1670079600-1670090400@isaca-chennai.org
SUMMARY:Software Bill of Materials for Auditing Security and Licensing Risks
DESCRIPTION:Software Composition Analysis (SCA) is used by developers to identify dependencies or components of applications\, which may have been built using Open Source and/or proprietary libraries. SCA is essentially a form of Application Security Testing (AST) to produce Software Bill of Materials (SBOM) to find the underlying licensing issues and/or security vulnerabilities in applications. There are several SCA/AST tools available in the Open Source markets like GitHub. As cloud took off in a big way\, many of the enterprise applications started integrating various web based APIs to provide useful technical and business functionalities built by third parties. Unfortunately\, Web APIs pose unique licensing and security risks that existing SCA/AST tools do not address. In this session\, we’ll revisit SCA as a way to discover and manage API security and licensing risks. We’ll also share a checklist for conducting due diligence and use various licensing & security scenarios for producing accurate SBOM for auditing purposes. \nDetailed Agenda \n\nOpen Source and API Ecosystems\n\nGlobal and Enterprise View\nSecurity\, Legal\, Financial\, Operational Risks\n\n\nSoftware Composition Analysis (SCA)\n\nWhy and how SCA?\nStatic/Dynamic Applications Testing (SAT/DAT)\n\n\nBuilding a Risk Management Program (I)\n\nAPI Discovery and Technical Due Diligence\nShifting Left – SAT for API Discovery\n\n\nBuilding a Risk Management Program (II)\n\nShifting Right – DAT for API Discovery\nContinuous API Monitoring and Assessment\n\n\nConclusion and QnA\n\nTrainer Profile \nDr. Baljeet Malhotra is an award-winning researcher known for his work in Open Source and API Risk Management. He conceived the world’s first “API Composition Analysis” based on source code static analysis. He founded TeejLab in 2017 and steered the team to build API Discovery and Security™\, world’s first comprehensive end-to-end API Risk Management platform. 
Prior to TeejLab\, he established the R&D unit of Black Duck Software in 2016 (acquired by Synopsys). He also served as Research Director at SAP. He received a PhD in Computing Science from the University of Alberta and won several awards including NSERC (Canada) scholar and Global Young Scientist (Singapore). He concurrently holds Adjunct Professor positions at the University of British Columbia\, University of Victoria and University of Northern BC. \n
URL:https://isaca-chennai.org/events/software-bill-of-materials-for-auditing-security-and-licensing-risks/
LOCATION:Virtual Event\, India
CATEGORIES:SIG Event
ORGANIZER;CN="ISACA%20Chennai%20Chapter":MAILTO:officemanager@isaca-chennai.org / hon.secretary@isaca-chennai.org
END:VEVENT
END:VCALENDAR