Data protection and privacy are at the top of many organizational priorities. The results of application software testing can provide the basis for defensible quality/security controls to protect sensitive data and confirm effectiveness of relevant data protection controls. Many organizations undergo process assessments in demonstrating compliance with laws associated with protecting privacy and data. Scanning code that will run in enterprise network-connected assets that process or transmit data can determine if the systems or devices enable data leakage or lack adequate protections to mitigate unauthorized access to read or modify data.
• Using the CISQ Automated Source Code Data Protection Measure in software testing can reveal source vectors for data leakage or data corruption; providing indicators for non-compliance with respective Data Protection/Privacy guidelines.
• Derived from the Automated Source Code Quality Measure (ASCQM), recently published as “ISO/IEC 5055 Information technology — Software measurement — Software quality measurement — Automated source code quality measures,” this specification covers common weaknesses (CWEs) that affect the protection of controlled or confidential information and data associated with intellectual property and privacy, such as associated with personal identifiable information (PII), personal health information (PHI), or payment card industry (PCI) data.
Testing for privacy and data protection can be a normal part of quality assurance test regimes. Integrating security testing as part of quality assurance programs within Continuous Integration (CI)/Continuous Delivery (CD) or Deployment (CD) pipelines requires integrating tool scans for Static Analysis Security Testing (SAST), Dynamic Analysis Security Testing (DAST), or Software Composition Analysis (SCA), which are performed at different stages in the CI/CD pipeline. These tools each have their own strengths and weaknesses and are complementary to each other. How long each tool takes to complete a scan affects how often and when tools are deployed into a staging or production environment.
In this webinar, you’ll learn:
Attendees will be provided access to acquire free copies of:
ISO/IEC 5055 Information technology — Software measurement — Software quality measurement — Automated source code quality measures | First edition 2021-03 | Reference number ISO/IEC 5055:2021(E)
CISO’s Guide to Sensitive Data Protection
2021 Open Source Security and Risk Analysis (OSSRA) Report open-source-trends
Joe Jarzombek <sjarzom@synopsys.com> is Director for Government & Critical Infrastructure Programs in Synopsys, Inc. He participates in relevant consortia, public-private collaboration groups, trade associations, standards groups, and R&D projects to assist in accelerating technology adoption. Prior to joining Synopsys, Jarzombek served in the government public sector; collaborating with industry, federal agencies, and international allies in addressing cybersecurity challenges. He served in the US Department of Homeland Security as the Director for Software & Supply Chain Assurance for over ten years, and in that role, to enable security automation and the sharing of cybersecurity information exchange, he sponsored CVE, along with the initiation and evolution of CWE and CAPEC.
Meera Rao <mmeera@synopsys.com> is Senior Director of Product Management in the Synopsys Software Integrity Group, has more than 20 years of experience in software development, more recently focusing on DevOps and CI/CD. She is also leading Intelligent Orchestration development at Synopsys.”
REGISTRATION IS REQUIRED TO ATTEND THIS PROGRAM.
Please register by May 18th at www.cqaa.org. If you have any questions, please contact info@cqaa.org.
You are invited to a Zoom webinar.
When: May 19, 2021 01:00 PM Eastern Time (US and Canada)
Topic: Testing for Privacy and Data Protection at Speed
Please click the link below to join the webinar:
https://synopsys.zoom.us/j/98215324591?pwd=TGRtMlJDSVN3Ykh2eE53cDhnV1hIZz09
Passcode: t!T!t8TL
Or One tap mobile :
US: +16465588656,,98215324591#,,,,*32415215# or +13017158592,,98215324591#,,,,*32415215#
Or Telephone:
Dial(for higher quality, dial a number based on your current location):
US: +1 646 558 8656 or +1 301 715 8592 or +1 312 626 6799 or +1 669 900 6833 or +1 253 215 8782 or +1 346 248 7799 or 833 548 0282 (Toll Free) or 877 853 5247 (Toll Free) or 888 788 0099 (Toll Free) or 833 548 0276 (Toll Free)