


 2018-06 Open Source Software - Implications for Internal Audit

6/6/2018 11:30 AM
6/6/2018 1:30 PM
Biltmore Santa Clara — 2151 Laurelwood Rd, Santa Clara CA 95054

While using open source software (OSS) makes developing applications much easier, its use can come with legal hoops to jump through and security vulnerabilities that could pose significant risks to the organization. Conducting an audit of the use of OSS code can help companies get a handle on this emerging risk area. This session will:
• Define the risks associated with the use of OSS
• Consider the reporting obligations that come with using open source
• Look at how OSS can create security vulnerabilities in our applications
• Walk through the steps for conducting an audit of the use of OSS

Speaker Bios:

Bruce Carpenter commenced his career in New Zealand as an auditor with KPMG. After overseas experience in London, he moved to San Francisco where he was a senior manager in KPMG’s forensic accounting practice. In 2001 he moved to Sybase Inc. to develop an internal audit department. Here Bruce was responsible for internal audit and enterprise risk management, and he was the company compliance officer. Subsequent to Sybase’s acquisition by SAP, Bruce moved to the SAP Corporate Audit Department where he was VP Global Sales and Services Audit, working with management to design and develop audits which best aligned with SAP’s ongoing sales strategy. He also led go-to-market activities for SAP’s new mobile-enabled audit management product. In July 2014 Bruce moved to NVIDIA Corporation to build out the internal audit department. His aim is to position internal audit as a trusted advisor to strengthen the first and second lines of defense.

Jeff Luszcz is responsible for product strategy for Flexera’s Software Composition Analysis solution. Previously, he was founder & CTO of Palamida, a provider of open source discovery and vulnerability management solutions helping software development organizations understand how to best use open source while complying with their license obligations and managing security vulnerability risk. The company was acquired by Flexera Software. Luszcz also led the professional services team at Palamida responsible for open source compliance and security audits and performed reviews for some of the largest mergers and acquisitions in the technology industry.