Explore the findings of a comprehensive study on software development practices in this 45-minute LASCON conference talk. Delve into the patterns and practices of 3000 high-performance software development organizations, focusing on the use of open source and third-party components. Learn about the security implications of using these components, with 1 in 17 containing known vulnerabilities. Discover insights from the 2016 State of the Software Supply Chain Report, including an analysis of 25,000 applications and their component quality. Gain valuable knowledge on how leading organizations like Mayo Clinic, Exxon, Capital One, the U.S. FDA, and Intuit implement software supply chain automation to enhance application security. Understand the importance of component age in security considerations and learn strategies to balance development speed with quality and security early in the lifecycle. Compare your organization's application security practices with industry benchmarks and acquire actionable insights to discuss with your development and security teams.
Making Invisible Things Visible - Tracking Down Known Vulnerabilities
Overview
Syllabus
Introduction
Components are not created equal
Open Source Components in the Top 10
Why are the numbers important
This years report
Software Supply Chains
Lessons from Deming
Supply of Components
Download Requests
Open Source
Known Vulnerability
Downloads
Open Source Components
Bruce Mayhew
Using New Components
Forrester Report
Cost of Remediation
Automation
Continuous Integration
Dependency Check
Software Supply Chain Report
Taught by
LASCON
Related Courses
-
Implementing a Supply Chain Approach to Build and Deploy Secure Applications - AppSecEU 2016
-
The Illusion of Control - Secrets Within Your Software Supply Chain
-
OWASP A9: Using Components with Known Vulnerabilities - A Year Later
-
Securing the Software Supply Chain: From Threats to Best Practices
-
Securing the Open Source Software Supply Chain
-
Security Concerns in Every Stage of the Software Supply Chain
