The Devils in the Dependency - Data Driven Software Composition Analysis

The Devils in the Dependency - Data Driven Software Composition Analysis

Black Hat via YouTube Direct link

Usage rate of popular libraries

8 of 26

8 of 26

Usage rate of popular libraries

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

The Devils in the Dependency - Data Driven Software Composition Analysis

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 We're going to demonstrate, with data...
  3. 3 About the report
  4. 4 Agenda
  5. 5 Data sources
  6. 6 Biases
  7. 7 Library usage is highly language dependent
  8. 8 Usage rate of popular libraries
  9. 9 SemVer, the closest we can get to a standard...
  10. 10 Definition / implications
  11. 11 Transitive by language (Fig 4)
  12. 12 Direct vs Transitive vulnerabilities (Figs 11-12)
  13. 13 More libraries = more problems? (Fig 13)
  14. 14 Language choice makes a difference (Fig 5)
  15. 15 OWASP Top Ten (Fig 6)
  16. 16 PHP is basically a minefield (Fig 7)
  17. 17 Not all vulnerabilities have exploits (Fig 8)
  18. 18 PoC exploits by OWASP category (Fig 10)
  19. 19 The vulnerability funnel (Fig 14)
  20. 20 Good news: most fixes are minor (Figs 16-17)
  21. 21 Begs many questions
  22. 22 How do the chains end?
  23. 23 Most chains are relatively short...
  24. 24 but it varies by language
  25. 25 Most updates are still small
  26. 26 Takeaways

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.