Difference between revisions of "ASWEpisode101"

From Security Weekly Wiki
Jump to navigationJump to search
(Added By Paul's Craptastic PPWorks Code)
(Added By Paul's Craptastic PPWorks Code)
Line 59: Line 59:
= Technical Segment - Why combining SAST and SCA in your IDE produces higher quality, secure software faster =
= Technical Segment - The Benefits of SAST and SCA in Your IDE  =
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************

Revision as of 20:16, 23 March 2020

Application Security Weekly Episode 101 - 2020-03-23

Episode Audio

Application Security Weekly Episode 101


Interview: Singularity: A Different Take on Container Security - 6:00-6:45PM


Singularity is a container runtime that was built from the ground up to live in multi-user environments where POSIX permissions must be respected. In addition to a novel runtime approach, the Singularity Image Format (SIF) differs significantly from other container image formats, with built-in support for full image encryption as well as digital signatures.

Guest: Bio:
Adam Hughes is Chief Software Architect at Sylabs Inc.]
Adam is a developer with nearly two decades of experience in cyber security, real-time operating systems, carrier grade telecommunications systems, and large-scale distributed systems. After joining Sylabs in early 2018, he helped develop the Singularity Container Services suite, which forms an ecosystem around the Singularity container runtime. He has since taken on the role of Chief Software Architect and is now responsible for technical leadership of all Sylabs products.


John Kinsella - Vice President of Container Security at Qualys
Matt Alderman - CEO at Security Weekly
Mike Shema - Product Security Lead at Square

Technical Segment - The Benefits of SAST and SCA in Your IDE


Static application security testing (SAST) is critical for uncovering and eliminating issues in proprietary code. However, over 60% of the code in an average application today is composed of open source components. SAST isn't designed to find open source vulnerabilities (CVEs) or identify open source licenses. And manually maintaining a repository of approved open source components for developers is inefficient and time-consuming. That’s where software composition analysis (SCA) comes in. Introducing a new functionality within the Code Sight IDE plugin that combines SAST and SCA in one place to enable secure development.

Guest: Bio:
Utsav Sanghani is Senior Product Manager at Synopsys]
Utsav Sanghani is a senior product manager at Synopsys where he supports strategic cloud product initiatives. He works closely with customers, engineers, and design teams to guide strategic products from conception to launch and straightens out any potential hurdles in the process. He holds a business degree from Dartmouth College and a bachelor’s degree in engineering from the University of Mumbai, India.

John Kinsella's Content:

John Kinsella-1.jpg

Template:ASW101Technical SegmentJohn Kinsella

Matt Alderman's Content:


Template:ASW101Technical SegmentMatt Alderman

Mike Shema's Content:


Template:ASW101Technical SegmentMike Shema