Data sources
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
The Devils in the Dependency - Data Driven Software Composition Analysis
- 1 Intro
- 2 We're going to demonstrate, with data...
- 3 About the report
- 4 Agenda
- 5 Data sources
- 6 Biases
- 7 Library usage is highly language dependent
- 8 Usage rate of popular libraries
- 9 SemVer, the closest we can get to a standard...
- 10 Definition / implications
- 11 Transitive by language (Fig 4)
- 12 Direct vs Transitive vulnerabilities (Figs 11-12)
- 13 More libraries = more problems? (Fig 13)
- 14 Language choice makes a difference (Fig 5)
- 15 OWASP Top Ten (Fig 6)
- 16 PHP is basically a minefield (Fig 7)
- 17 Not all vulnerabilities have exploits (Fig 8)
- 18 PoC exploits by OWASP category (Fig 10)
- 19 The vulnerability funnel (Fig 14)
- 20 Good news: most fixes are minor (Figs 16-17)
- 21 Begs many questions
- 22 How do the chains end?
- 23 Most chains are relatively short...
- 24 but it varies by language
- 25 Most updates are still small
- 26 Takeaways