Overview
Explore the findings of a comprehensive four-year industry study on application security practices, drivers, and trends within the open source development community in this conference talk from AppSecUSA 2014. Gain insights from a panel of senior application security experts as they discuss surprising survey results, including the lack of enforcement of open source policies, limited verification of component vulnerabilities, and inadequate tracking of open source vulnerability data. Learn about the impact of the Heartbleed bug announcement on organizations' preparedness for future vulnerabilities. Discover the implications of OWASP's inclusion of "(A9) Avoiding the use of open source components with known vulnerabilities" in its top 10 list and understand why 90% of typical applications are composed of open source components.
Syllabus
11,000 Voices: Experts Shed Light on 4-Year Open Source & AppSec Survey - OWASP AppSecUSA 2014
Taught by
OWASP Foundation