ASWEpisode101

From Security Weekly Wiki
Jump to navigationJump to search

Application Security Weekly Episode 101 - 2020-03-23

Episode Audio

Application Security Weekly Episode 101

Announcements

Interview: Singularity: A Different Take on Container Security - 6:00-6:45PM

Description:

Singularity is a container runtime that was built from the ground up to live in multi-user environments where POSIX permissions must be respected. In addition to a novel runtime approach, the Singularity Image Format (SIF) differs significantly from other container image formats, with built-in support for full image encryption as well as digital signatures.

Guest: Bio:
Adam Hughes is Chief Software Architect at Sylabs Inc.]
Adam is a developer with nearly two decades of experience in cyber security, real-time operating systems, carrier grade telecommunications systems, and large-scale distributed systems. After joining Sylabs in early 2018, he helped develop the Singularity Container Services suite, which forms an ecosystem around the Singularity container runtime. He has since taken on the role of Chief Software Architect and is now responsible for technical leadership of all Sylabs products.

Hosts

John Kinsella - Vice President of Container Security at Qualys
Matt Alderman - CEO at Security Weekly
Mike Shema - Product Security Lead at Square

Fullaudio - None

Description:

This week, we welcome Adam Hughes, Chief Software Architect at Sylabs Inc., to discuss Singularity: A Different Take on Container Security! In the second segment, we welcome Utsav Sanghani, Senior Product Manager at Synopsys, to discuss Why combining SAST and SCA in your IDE produces higher quality, secure software faster!

To learn more about Synopsys, visit: https://securityweekly.com/synopsys Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly



John Kinsella's Content:

John Kinsella-1.jpg


Template:ASW101FullaudioJohn Kinsella

Matt Alderman's Content:

MattAlderman-0.png


Template:ASW101FullaudioMatt Alderman

Mike Shema's Content:

Mike-shema-0.jpg


Template:ASW101FullaudioMike Shema


Technical Segment - The Benefits of SAST and SCA in Your IDE - Utsav Sanghani

Description:

Static application security testing (SAST) is critical for uncovering and eliminating issues in proprietary code. However, over 60% of the code in an average application today is composed of open source components. SAST isn't designed to find open source vulnerabilities (CVEs) or identify open source licenses. And manually maintaining a repository of approved open source components for developers is inefficient and time-consuming. That’s where software composition analysis (SCA) comes in. Introducing a new functionality within the Code Sight IDE plugin that combines SAST and SCA in one place to enable secure development.


Guest: Bio:
Utsav Sanghani is Senior Product Manager at Synopsys]
Utsav Sanghani is a senior product manager at Synopsys where he supports strategic cloud product initiatives. He works closely with customers, engineers, and design teams to guide strategic products from conception to launch and straightens out any potential hurdles in the process. He holds a business degree from Dartmouth College and a bachelor’s degree in engineering from the University of Mumbai, India.


John Kinsella's Content:

John Kinsella-1.jpg


Template:ASW101Technical SegmentJohn Kinsella

Matt Alderman's Content:

MattAlderman-0.png


Template:ASW101Technical SegmentMatt Alderman

Mike Shema's Content:

Mike-shema-0.jpg


Template:ASW101Technical SegmentMike Shema