Software Composition Analysis for Managing Security and Licensing Risks
Developers use Software Composition Analysis (SCA) to identify the dependencies or components of applications, which may have been built using open-source and/or proprietary libraries. SCA is essentially a form of Application Security Testing (AST) that finds underlying licensing issues and/or security vulnerabilities in applications. Several SCA/AST tools are available in open-source markets such as GitHub. As cloud adoption took off, many enterprise applications started integrating web-based APIs, built by third parties, that provide useful technical and business functionality. Unfortunately, web APIs pose unique licensing and security risks that existing SCA/AST tools do not address. In this session, we'll revisit Software Composition Analysis as a way to discover and manage security and licensing risks. We'll also share a checklist for conducting due diligence to mitigate such risks.
One CPE credit will be earned with this webinar.
Duration - One hour
Note: ISACA members are requested to register with the same email ID as the one in their ISACA profile for direct CPE uploads.