Explore a comprehensive conference talk from AppSecEU 2016 in Rome that delves into the challenges and strategies of using third-party components in software development. Learn about secure software development practices, the maintenance challenges associated with third-party software, and different types of components. Discover insights on FLOSS usage at SAP, vulnerability prediction issues, and the importance of understanding factors rather than making predictions. Examine various maintenance models, including centralized, distributed, and hybrid security maintenance approaches. Gain valuable knowledge on strategies for controlling risks and managing effort when incorporating third-party components into your projects. Conclude with key takeaways for effectively leveraging external software while maintaining security and efficiency in your development process.
Using Third-Party Components for Building Secure Software - AppSec EU 2016
Overview
Syllabus
Intro
Secure Software Development
The Maintenance Challenge
Types of Third-Party Software
Data Sources
FLOSS Usage At SAP
What We Want
Vulnerability Prediction?
Vulnerability Prediction: Problems
Understanding Factors Is More Critical Than Predictions
Which Factors Are Interesting?
Relationships Between Factors
Different Maintenance Models
Centralized Security Maintenance
Distributed Security Maintenance
Hybrid Security Maintenance
Strategies For Controlling Risks (1/2)
Strategies For Controlling Effort
Conclusion
Taught by
OWASP Foundation
Related Courses
-
Secure Software Development
-
Vulnerabilities in Old Third-Party Software Components - Importance of SBoM for IoT/OT Devices
-
OWASP A9: Using Components with Known Vulnerabilities - A Year Later
-
Lessons from Integrating Third Party Library Scanning in DevOps Workflow
-
Large-Scale Software Composition Analysis: Uncovering Vulnerable Dependencies in 600 Apps
-
Managing Vulnerabilities in Open-Source Dependencies
