7 pm - News, OWASP tools, documents review
7:20 pm - Black Duck Software presents - Static analysis, dynamic analysis, and other testing tools are all essential weapons against adversaries. But for the 80%+ of companies worldwide that use open source software in their application development, these tools are ineffective in identifying and mitigating open source security risks. This presentation will cover:
The value of static and dynamic tools, and where they best fit in the Secure Development Lifecycle
Why these tools are not useful in identifying known vulnerabilities in open source components
Controls development and security professionals can deploy to select, detect, manage and monitor open source for existing and newly disclosed vulnerabilities
Food will be provided by Constant Contact.
Park in front of the building and enter through the main building lobby. Continue down the hallway until you see the innovation center, then enter through the large glass doors.
ALSO - Software Development Life Cycle - Akshat Pradhan
The SDLC. One engineer said it was an abstract concept. Another engineer mentioned it was Agile. And someone else said it's a Life Cycle. In this talk, we're going to discuss the SDLC.
Akshat Pradhan (https://www.linkedin.com/in/akshatpradhan) is Founder and Product Director of ComplianceChamp (http://www.compliancechamp.com/) - a consultancy service to manage your compliance (i.e. ISO 27001, PCI-DSS, HIPAA, FEDRAMP, SOC2). In addition to auditing, Akshat loves bringing people together to learn from each other, grow their capabilities, and collaborate to build secure things. For the past 6 years, he's been chair and organizer of the Boston Security Meetup - growing it from 0 to 2400+ members. Boston Security Meetup (http://www.meetup.com/boston-security-meetup/) is the second largest hacker organization on Earth after OWASP NYC!