If you care about security, you should never trust software. Take that a step further: open source software, components, and libraries are pervasive in software deployed across all types of programs. Though you can identify the latest versions and make sure you are up to date at a point in time, there are myriad vulnerabilities that don’t have fixes, and when patches are available they often can’t be applied in a timely fashion. What are the state-of-the-art ways vulnerabilities in open source code can be identified and mitigated, and what can we do if scanning and patching still have holes that put our systems at risk? Moderator: Joe Saunders. Participants: Dr. Laurie Williams (NCState); Trey Herr, Director (The Atlantic Council “Cyber Statecraft Initiative”); Aaron Bray (Phylum).

RunSafe Security DevSecOps Commercial Bash at CyberWeek

As DevSecOps tools proliferate in the market, they all promise better cyber resiliency, but that often comes with a cost: not just the cost of the tool itself, but the additional overhead it takes to implement and operate the tool. Join industry experts from CloudBees, JFrog and Red Hat to learn how businesses are grappling with these challenges and how you can avoid them. Moderator: Nick Rea. Participants: John Osborne (Red Hat), Sven Ruppert (JFrog), Tim Johnson (CloudBees).

RSSM #1: Why should I monitor software crashes? with Shane Fry

Introducing the RunSafe Security Minute! Each week we will provide one-minute security briefs. This week's question is: "Why should I monitor software crashes?" with our very own Shane Fry, VP of Security Engineering.

RSSM #2: What is load-time function randomization? with Katie Fejer

This week's RunSafe Security Minute is all about load-time function randomization! Don't know what that means? Listen here with our very own Katie Fejer, one of our amazing software engineers.

RSSM #3: How do you deploy in a Yocto build environment? with Andrew Murray

Check out the latest Security Minute from RunSafe with Andrew Murray! This week's question: How do you deploy in a Yocto build environment?

RunSafe Security DevSecOps Federal Bash at CyberWeek

The French Defense and other moves to embed security in DevSecOps. Software is never done and speed always matters. The DoD is moving to DevSecOps in response. It’s a journey involving both cultural and technical changes. Join GitLab, Jasper, and RunSafe for a discussion of security approaches and use cases. With a special appearance by Nicolas Chaillan, like you’ve never seen him before. Moderator: Dave Salwen. Participants: Andy Patel (Jasper Solutions, Inc.); Joe McKairns (GitLab Federal).

RunSafe Security Cloud Workloads Bash at Cyber Week

As enterprises migrate to the cloud, cloud providers offer infrastructure, redundancy, and availability. But there are core capabilities in managing the security of cloud workloads not offered by cloud providers. What are these core capabilities, how do you deploy them, and what are ways to ensure your open source software, containers, and workloads are protected? Moderator: Nick Rea (RunSafe Security). Participants: Mike Shinn (Atomicorp) and Johnnie Konstantas (Oracle).

RunSafe Security 5G Bash at CyberWeek

As 5G technology is deployed, there is much excitement around the new capabilities it will deliver. Equal to that excitement is the growing concern of how to secure 5G technologies. With many new use cases once thought outside the realm of wireless, security practitioners are grappling with how to properly secure their new 5G back environments. Wireless industry experts from the Carrier, OEM and VC community will share their perspectives on how businesses of all types can ensure they’re prepared to deploy 5G-based solutions in a secure manner. Moderator: Joe Saunders. Participants: Randy Clark (Vice-Chair, National Spectrum Consortium); Gilman Louie (Alsop Louie); Julie Holdren (CPO, VERB Technology); and Lisa Porter (LogIQ, former Deputy Undersecretary DOD-R&E).

Secure your Open Source IT Infrastructure with RunSafe Hardened Images on Oracle Cloud Infrastructure (OCI)

Managing cybersecurity vulnerabilities in open source software is a complex and taxing effort. You don’t own the code, which naturally limits your options to ensure it’s secure. Current approaches to securing open source infrastructure rely heavily on scanning for known vulnerabilities and recommending patches. But this doesn’t address unknown vulnerabilities and the inherent challenges of chaotic patching cycles. Modern approaches like code hardening are bridging the gap and adding a new level of cyber resilience to open source code. This webinar will unpack both the business value and the technical details of how this works with RunSafe Alkemist and OCI. We’ll unpack how common open source infrastructure packages made available from RunSafe Security are a turnkey solution for Oracle Cloud Marketplace customers.

Panelists:

  • Phil Griston, Oracle, Business Development, Lead Security and Networking Marketplace Partnerships
  • Chris Crowley, SANS Institute, Senior Instructor
  • Nick Rea, RunSafe Security, VP Market Development

Presenters: Cindy Blake, CISSP, Sr. Security Evangelist, GitLab; Stephen Chin, Head of Developer Relations, JFrog; Ed Moyle, Partner, SecurityCurve; Joseph Saunders, Founder & CEO, RunSafe Security, Inc.; Anders Wallgren, VP of Technology Strategy, CloudBees.

How do you address the security challenges associated with high velocity code release? If you are exploring the double-edged sword that is open source code, this webcast will share the strategies you need in order to effectively build security into the development process without slowing down developers. We’ll be joined by DevOps industry experts who will engage in a hearty discussion focused on the benefits and challenges of high velocity code release.

Description and live demonstration of the RunSafe Security Alkemist JFrog Artifactory plugin stopping a once-successful cyber attack against an application. Video by: Kenton Brazelle, Senior Field Engineer

SANSFIRE 2020 - Rapidly Inoculate Compiled Code Against Software Memory Vulnerabilities

Effortlessly Immunize Software - Rapidly Inoculate Compiled Code Against Software Memory Vulnerabilities. RunSafe will present a brief primer on the problem of software memory vulnerabilities, how our approach works, and how it differs from the alternatives. We will then walk students through a hands-on demo illustrating:

  • How to implement source code immunization using Alkemist:Repo
  • How to use pre-hardened binaries of popular open source components immunized via LFR through RunSafe's Alkemist:Repo

Each student will receive a free 30-day trial account, so they can continue working with Alkemist after the Lunch & Learn event.

Security assuming networks are breached, supply chains are compromised, or insiders gained access.

Speakers:

  • James Murphy, President, Mission Essentials
  • John Suit, CTO, Cyber Reliant
  • Joe Saunders, CEO, RunSafe Security

Agenda:

  • Introduction - James Murphy, Mission Essentials
  • Case Study - Secure Data Despite Cyber Attack, John Suit, Cyber Reliant
  • Case Study - Secure Software Despite Cyber Attack, Joe Saunders, RunSafe Security
  • Q&A - James Murphy and Audience Participants

Recorded by The Cyber Guild: Joe Saunders is the founder and CEO of RunSafe Security, a pioneer of cyberhardening technology for embedded systems and devices and industrial control systems. He leads a team of former U.S. government cybersecurity specialists who know how attackers think about problems, how they weaponize attacks and how they choose targets. A 25-year veteran of many national security and cybersecurity roles, Joe is on a personal mission to transform cybersecurity by challenging outdated assumptions and disrupting the economics that motivate hackers to attack.

In this short webinar, IoT device engineers and developers will see how they can immunize their devices against the root cause of more than 50% of post-deployment updates. Using the customer example of a feature-rich, Yocto-based server management solution from Vertiv™, attendees will see how to get these benefits in 3 steps, without any software changes. Attendees will leave with a 30-day trial license to use RunSafe’s tools in their own environments and demo in the RunSafe self-service portal.

Vertiv™ Avocent® Core Insight is built on top of the openBMC Yocto project, designed to securely add powerful, lights-out management features to servers and other infrastructure. Avocent® Core Insight chief architect Joerg Weedermann will walk through the product architecture and software stack. Joerg will then show how that entire stack became protected against a class of security exploitation risk by the simple addition of RunSafe’s Alkemist.

Because the images running on each Yocto-built embedded system are identical, a single vulnerability can expose thousands of systems and attackers can easily scale their attacks. Alkemist can mitigate this concern by using a patented technique called Loadtime Function Randomization (LFR). Alkemist performs randomization at runtime instead of build time, preserving “Binary Reproducibility,” one of the Yocto project’s core features, while dramatically increasing security against memory-based attacks.

Artifactory Plugin Overview Video