Making Invisible Things Visible - Tracking Down Known Vulnerabilities

Explore the findings of a comprehensive study on software development practices in this 45-minute LASCON conference talk. Delve into the patterns and practices of 3000 high-performance software development organizations, focusing on the use of open source and third-party components. Learn about the security implications of using these components, with 1 in 17 containing known vulnerabilities. Discover insights from the 2016 State of the Software Supply Chain Report, including an analysis of 25,000 applications and their component quality. Gain valuable knowledge on how leading organizations like Mayo Clinic, Exxon, Capital One, the U.S. FDA, and Intuit implement software supply chain automation to enhance application security. Understand the importance of component age in security considerations and learn strategies to balance development speed with quality and security early in the lifecycle. Compare your organization's application security practices with industry benchmarks and acquire actionable insights to discuss with your development and security teams.