Using security as code to survive the cybersecurity compliance tsunami in software projects - OCX 24

Video Link: https://www.youtube.com/watch?v=oeU7hrWgFUQ





Software development teams are facing a tsunami of new EU cybersecurity regulations, such as the Cyber Resilience Act and the NIS2 directive. In addition, there are increasing requirements to comply with cybersecurity standards, such as ISO 27001 for information security management systems or IEC 62443-4-1 for secure development lifecycle requirements in industrial product development.

In this talk, an experienced cybersecurity consultant will demystify what these regulations and standards mean in practice for software teams, why implementing them is often tedious and expensive, and why open-source projects in particular lack realistic tools and practices for compliance. We will also discuss recommended ways to survive in the middle of this complexity.

An emerging approach is to automate cybersecurity compliance by representing it in a plain-text content format that can be managed in software version control in the same way as code. We will discuss several examples of this emerging approach, including the Open Policy Agent, the NIST OSCAL ecosystem, and an open-source project that the speaker has co-founded.

For whom: software developers, open-source project maintainers and contributors, product owners and other software project leaders. Previous cybersecurity knowledge is not required.



