Explore a comprehensive framework for managing dependencies in vulnerability response during this 53-minute conference talk from AppSecCali 2019. Discover how understanding dependencies can significantly improve the quality of Product Security Incident Response Team (PSIRT) responses, especially when dealing with third-party components. Learn about Dell EMC's successful approach to shifting from reactive to proactive PSIRT responses by implementing dedicated controls earlier in the product lifecycle. Gain insights into managing complex dependency chains, enabling developers to better understand the downstream impacts of upstream decisions, and ultimately enhancing the overall security posture of products incorporating open source and commercial third-party components.
Managing Vulnerability Response Dependencies in Third-Party Components - AppSecCali 2019
Overview
Syllabus
AppSecCali 2019 - It Depends... - Kristen Pascale & Tania Ward
Taught by
OWASP Foundation
Related Courses
-
Software Bill of Materials (S-BoM) - Reducing Risk in Third-Party Components
-
Assessing Third-Party Libraries More Easily with Security Scorecards
-
Supply Chain Security with Dependency Track
-
Dependencies: Do's and Don'ts - Managing Application Dependencies Securely
-
OWASP Dependency Track - Fortifying the Software Supply Chain
-
Using Third-Party Components for Building Secure Software - AppSec EU 2016
