If you care about security, you should never trust software. If you take that a step further, open source software, components, and libraries are pervasive in software deployed across all types of programs. Though you can identify the latest versions and make sure you are up-to-date at a point in time, there is a myriad of vulnerabilities that don’t have fixes, and when patches are available they can’t often be applied in a timely fashion. What are the state-of-the-art ways vulnerabilities in open source code can be identified and mitigated and what can we do if scanning and patching still have holes that put our systems at risk. Moderator: Joe Saunders Participants: Dr. Laurie Williams (NCState); Trey Herr, Director, (The Atlantic Council “Cyber Statecraft Initiative”); Aaron Bray (Phylum)

RunSafe Security DevSecOps Commercial Bash at CyberWeek

As DevSecOps tools proliferate in the market, they all promise better cyber resiliency but that often comes with a cost. Not just the cost of the tool itself, but the additional overhead it takes to implement and operate the tool. Join industry experts from Cloudbees, JFrog and RedHat to learn how businesses are grappling with these challenges and how you can avoid them. Moderator: Nick Rea Participants: John Osborne, (RedHat), Sven Ruppert (JFrog), Tim Johnson (Cloudbees)

RSSM #1: Why should I monitor software crashes? with Shane Fry

Introducing the RunSafe Security Minute! Each week we will provide one minute security briefs. This week's question is: "Why should I monitor software crashes?" with our very own Shane Fry, VP of Security Engineering

RSSM #2: What is load-time function randomization? with Katie Fejer

This week's RunSafe Security Minute is all about load-time function randomization! Don't know what that means? Listen here with our very own Katie Fejer, one of our amazing software engineers.

RSSM #3: How do you deploy in a Yocto build environment? with Andrew Murray

Check out the latest Security Minute from RunSafe with Andrew Murray! ⏱️ This week's question: How do you deploy in a #Yocto build environment? Watch the short clip below. #cybersecurity #softwaresecurity

RunSafe Security DevSecOps Federal Bash at CyberWeek

The French Defense and other moves to embed security in DevSecOps. Software is never done and speed always matters. The DoD is moving to DevSecOps in response. It’s a journey involving both cultural and technical changes. Join Gitlab, Jasper, and RunSafe for a discussion of security approaches and use cases. With a special appearance by Nicolas Chaillan, like you’ve never seen him before. Moderator: Dave Salwen Participants: Andy Patel (Jasper Solutions), Inc.; Joe McKairns (Gitlab Federal)

RunSafe Security Cloud Workloads Bash at Cyber Week

As enterprises migrate to the cloud, cloud providers offer infrastructure, redundancy, and availability. But there are core capabilities in managing the security of cloud workloads not offered by cloud providers. What are these core capabilities, how do you deploy them, and what are ways to ensure your open source software, containers, and workloads are protected? Moderator: Nick Rea, RunSafe Security Participants: Mike Shinn (Atomicorp); and Johnnie Konstantas, (Oracle)

RunSafe Security 5G Bash at CyberWeek

As 5G technology is deployed, there is much excitement around the new capabilities it will deliver. Equal to that excitement is the growing concern of how to secure 5G technologies. With many new use cases once thought outside the realm of wireless, security practitioners are grappling with how to properly secure their new 5G back environments. Wireless industry experts from the Carrier, OEM and VC community will share their perspectives on how businesses of all types can ensure they’re prepared to deploy 5G based solutions in a secure manner. Moderator: Joe Saunders Participants: Randy Clark (Vice-Chair, National Spectrum Consortium), Gilman Louie (Alsop Louie), Julie Holdren, CPO, VERB Technology, and Lisa Porter (LogIQ, former Deputy Undersecretary DOD-R&E)

Secure your Open Source IT Infrastructure with RunSafe Hardened Images on Oracle Cloud Infrastructure (OCI) Managing cybersecurity vulnerabilities in Open Source software is a complex and taxing effort. You don’t own the code which naturally limits your options to ensure it’s secure. Current approaches to secure open source infrastructure relies heavily on scanning for known vulnerabilities and recommending patches. But this doesn’t address unknown vulnerabilities and the inherent challenges with chaotic patching cycles. Modern approaches like code hardening are bridging the gap and adding a new level of cyber resilience to open source code. This Webinar will unpack both the business value and the technical details of how this works with RunSafe Alkemist and OCI. We’ll unpack how common open source infrastructure packages made available from RunSafe Security are a turnkey solution for Oracle Cloud Marketplace customers. Panelists 

  • Phil Griston, Oracle, Business Development, Lead Security and Networking Marketplace Partnerships
  • Chris Crowley, SANS Institute, Senior Instructor - Nick Rea, RunSafe Security, VP Market Development

Presenters: Cindy Blake, CISSP, Sr. Security Evangelist, GitLab Stephen Chin, Head of Developer Relations, JFrog Ed Moyle, Partner, SecurityCurve Joseph Saunders, Founder & CEO, RunSafe Security, Inc. Anders Wallgren, VP of Technology Strategy, CloudBees How do you address the security challenges associated with high velocity code release? If you are exploring the double-edged sword that is open source code, this webcast will share the strategies you need in order to effectively build security into the development process without slowing down developers. We’ll be joined by DevOps industry experts who will engage in a hearty discussion focused on the benefits and challenges of high velocity code release.

Alkemist JFrog Artifactory Plugin Exploit Example

Description and live demonstration of the RunSafe Security Alkemist Jfrog Artifactory plugin stopping a once successful cyber attack against an application. For more information visit our website: For hands-on access to the Alkemist technology visit our portal: Video by: Kenton Brazelle - Senior Field Engineer #cyber #infosec #devops #devsecops #jfrog

SANSFIRE 2020- Rapidly Inoculate Compiled Code Against Software Memory Vulnerabilities

Effortlessly Immunize Software - Rapidly Inoculate Compiled Code Against Software Memory Vulnerabilities. RunSafe will present a brief primer on the problem of software memory vulnerabilities, and how our approach works as well as is different from other alternatives. We will then walk students through a hands-on demo illustrating: How to implement source code immunization using Alkemist:Repo How to use pre-hardened binaries of popular open source components immunized via LFR through Runsafe's Alkemist:Repo. Each student will receive a free 30-day trial account, so they can continue working with Alkemist after the Lunch & Learn event.

RunSafe and Cyber Reliant: Bad Actors Find Ways In

Security assuming networks are breached, supply chains are compromised, or insiders gained access. The speakers are: James Murphy, President, Mission Essentials John Suit, CTO, Cyber Reliant Joe Saunders, CEO, RunSafe Security Agenda: Introduction - James Murphy, Mission Essentials Case Study - Secure Data Despite Cyber Attack, John Suit, Cyber Reliant Case Study - Secure Software Despite Cyber Attack, Joe Saunders, RunSafe Security Q&A - James Murphy and Audience Participants

Recorded by The Cyber Guild: Joe Saunders is the founder and CEO of RunSafe Security, a pioneer of cyberhardening technology for embedded systems and devices and industrial control systems. He leads a team of former U.S. government cybersecurity specialists who know how attackers think about problems, how they weaponize attacks and how they choose targets. A 25-year veteran of many national security and cybersecurity roles, Joe is on a personal mission to transform cybersecurity by challenging outdated assumptions and disrupting the economics that motivate hackers to attack.

In this short webinar, IOT device engineers and developers will see how they can immunize their devices against the root-cause of more than 50% of post-deployment updates. Using the customer example of a feature-rich, yocto-based server management solution from Vertiv™, attendees will see how to get these benefits in 3-steps, without any software changes. Attendees will leave with a 30-day trial license to use RunSafe’s tools in their own environments and demo in the RunSafe self-service portal. Vertiv™ Avocent® Core Insight is built on top of the openBMC yocto project, designed to securely add powerful, lights-out management features to servers and other infrastructure. Avocent® Core Insight chief architect, Joerg Weedermann will walk through the product architecture and software stack. Joerg will then show how that entire stack became protected against a class of security exploitation risk by the simple addition of RunSafe’s Alkemist. Because the images running on each yocto-built embedded system are identical, a single vulnerability can expose thousands of systems and attackers can easily scale their attacks. Alkemist can mitigate this concern by using a patented technique called Loadtime Function Randomization (LFR). Alkemist performs randomization at runtime instead of buildtime, preserving “Binary Reproducibility,” one of the yocto project’s core features, while dramatically increasing security against memory-based attacks. RunSafe’s recent blog on security in yocto can be found here:

Artifactory Plugin Overview Video

Artifactory Plugin Overview Video

Ethan Secures Yocto Builds

Ethan Secures Yocto Builds

RunSafe Security at Cloudbees Connect

Immunizing software from attack using DevOps tools: a demonstration by RunSafe Security

Security Heavyweights Weigh In on the New Work Reality- RunSafe Security

RunSafe Security sits down with John Stewart, (former Chief Security Officer of Cisco), and Michael Grace (head of Samsung Knox security) to discuss how the sudden explosion of remote workers and the related attack surface impacts the threat landscape (for both mobile and IT infrastructure)…and what security teams and suppliers can do about it. With unprecedented use of consumer based network and computing equipment in the home, what security ramifications should we consider beyond the obvious? What are the broader scale impacts we should be thinking about? Hear from these two industry experts as we delve into these important topics and arm yourself with new insights on how to protect your product and organization. Panelists Michael Grace, Head of Knox Security at Samsung Mobile John Stewart, Owner of Talons Ventures, and former Chief Security Officer at Cisco Host Nick Rea, VP Market Development, RunSafe Security

Cyber Resilience: Protecting Data and Immunizing Software

This webinar explores two important technologies that are able to protect data and repel state-sponsored attacks The cyber security threat landscape is ever-evolving. Every year, attackers add new techniques and capabilities to their arsenal, increasing their ability to evade detection and attack your systems. Zero-day threats, advanced malware, and ransomware are able to easily evade anti-virus solutions that are simply too slow to respond to the constant stream of emerging threats. The majority of malware in the wild is obfuscated to sneak past perimeter-based defenses. Because of these threats, both government organizations and private enterprises need to consider implementing data security that protects the data directly. Speakers: Joe Saunders Founder, CEO of RunSafe Security Ricardo Bueno President, CEO of Cyber Reliant Corporation

RunSafe Lunch & Learn Presentation and Live Demo of Alkemist at SANS 2020

RunSafe's Kenton Brazelle, Senior Field Engineer, presents at the SANS 2020 virtual Lunch and Learn session on April 8, 2020. This video contains: - Memory corruption attack explanation - Highlight on the large impact of memory-based vulnerabilities in cybersecurity. - Explanation of Alkemist Load Time Function Randomization - How Alkemist enables continuous security across build and deeply toolchains - Online demo of Alkemist

Yocto, RunSafe and Memory Threat Immunization

“A great threat has become a great opportunity” IIoT World editor-in-chief Lucian Fogoros recently interviewed RunSafe Chief Technology Officer Doug Britton and Andrew Murray, QA Ninja about the impact of the yocto project, the rising number of vulnerabilities in the IoT industry and effortless way adding Alkemist to a yocto project eliminates those vulnerabilities. Blog Post:

RunSafe Security TITAN Teaming Webinar April 9 2020

RunSafe Security TITAN Teaming Webinar April 9 2020. An overview of Alkemist, a Live Demo, and how to integrate Alkiemist's capabilities into teams bidding for the federal government's TITAN contract.

RunSafe's CTO Doug Britton Interviews Bob Bigman during DevSecOps Bash at SANS Fairfax VA

How about everything you wanted to ask the former CISO of the CIA, but were afraid to ask?

Effortlessly Immunize Software: RunSafe Security Cybersecurity Demo at SANS Fairfax VA

RunSafe Security Cybersecurity Demo at SANS Fairfax VA by Shane Fry, Director of Security Engineering

RunSafe Security DevSecOps DCCyberWeek Highlight Video Final

A highlight reel about RunSafe Security's DevSecOps bash featuring Nicolas Chaillan, Chief Software Officer of the United States Air Force.

Doug Britton Interview Final

Interview with Doug Britton, RunSafe Security's Chief Technology Officer, on the DevSecOps Bash featuring Nicolas Chaillan, Chief Software Officer of the United States Air Force and Joe Saunders, CEO of RunSafe Security.

What are some examples of DevSecOps in real world DOD environments?

What are some examples of DevSecOps in real-world DOD environments? RunSafe Security's DevSecOps Bash featuring Nicolas Chaillan, Chief Software Officer of the United States Air Force and Joe Saunders, CEO of RunSafe Security.

Nicolas Chaillan, CSO of the Air Force and Joe Saunders, CEO of RunSafe debate their chess prowess

RunSafe Security's DevSecOps bash featuring Nicolas Chaillan, Chief Software Officer of the United States Air Force and Joe Saunders, CEO of RunSafe Security debate their chess prowess.

What are the options for cyber hardening software? Nicolas Chaillan and Joe Saunders

What are the options for cyber hardening software? RunSafe Security's DevSecOps Bash featuring Nicolas Chaillan, Chief Software Officer of the United States Air Force and Joe Saunders, CEO of RunSafe Security.

Nick Rea Interview Final

Interview with Nick Rea, RunSafe VP of Market Development, on the DevSecOps Bash featuring Nicolas Chaillan, Chief Software Officer of the United States Air Force and Joe Saunders, CEO of RunSafe Security.

How do you encourage a DevSecOps culture? Nicolas Chaillan- US Air Force

How do you encourage a DevSecOps culture? RunSafe Security's DevSecOps bash featuring Nicolas Chaillan, Chief Software Officer of the United States Air Force and Joe Saunders, CEO of RunSafe Security.

Protect Critical Infrastructure with RunSafe Security's Alkemist

Skilled cybercriminals use software vulnerabilities to compromise embedded systems and devices. RunSafe Security defeats hackers with our patented cyberhardening transformation process, Alkemist.

RunSafe Security: How Has Cybersecurity Changed in the Last 5 Years?

People are starting to protect from the inside out.

RunSafe Security: Misconceptions About Protection from Cyberattacks

Consider how the underlying technology should be protected.

RunSafe Security: What Are Your Top 3 Suggestions?

Threat intelligence, perimeter defense, and harden internal software layer.

RunSafe Security: Beyond Traditional Cybersecurity Techniques

Consider how the underlying technology should be protected.

RunSafe Security: Break Down Alkemist

Assume hackers will gain entry; Alkemist renders threats inert.

RunSafe Security: What's RunSafe Doing That's Different?

We harden software to address vulnerabilities and reduce attack surfaces.