Securing cloud computing environment is more than just protecting data and workloads in the cloud and cloud management platform. When more and more cloud-based applications were developed in shared model, vulnerabilities in shared environment could fall between the cracks. Thus, supply chain risk already become a serious issue to many companies.
In the Knowledge Sharing Event organised by Cloud Security Alliance Hong Kong & Macau Chapter on June 9, we will look into how to detect and mitigate supply chain risks.
Checkmarx Engineer, Richard Lee, will bring us to the practice world of security review through demonstration. He will cover:
- The types of risks associated with open source libraries
- How to test the libraries you’re using for safety
- Tools you can use to protect your business
- New reputational and behavioral analysis techniques to overcome obfuscation attempts
Please do not miss this opportunity to learn from the expert and get connected with your peers.
Participants will claim 1 CPE.
DATE: June 9, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
TOPIC: Open Source Software Supply Chain: Risks and Mitigation
SPEAKER: Richard Lee, APAC Channel Sales Engineer, Checkmarx
Open source libraries have become an essential part of almost all modern applications. Without open source, software development would be stuck in the slow lane. Not “reinventing the wheel” each time you need a certain functionality in an app saves time and effort, and as a result, open source isn’t going away anytime soon. If anything, it’s becoming more and more widespread.
But there’s a certain amount of risk that comes with using open source components, modules, and libraries. Today, it’s increasingly important to protect yourself from these risks.
In this session, we discussed the importance and prevalence of open source software as well as the ways you can protect yourself from its attendant risks and licensing issues. The goal is to catch issues early, before they can become a problem or a liability. We’ll cover best practices to secure the software supply chain against errors and bad actors, along with what steps to avoid.
Richard Lee is currently the Checkmarx Channel Sales Engineer for the Asia Pacific Region with over 10 years’ experience in the IT, IT security and Application Security industry. He has held various positions in manufacturing, software companies and information security companies.
Richard is currently responsible for AST Platform, SAST (Static Application Security Testing), IAST (Interactive Application Security Testing), SCA (Software Composition Analysis) and CodeBashing technologies. Prior to joining Checkmarx he held various positions at Intel, Microsoft, HP and SafeNet.
Richard holds a bachelor’s degree in Computer Science from the University of Kansas, USA.