Hiding in Plain Sight - The Untold Story of Hidden Vulnerabilities

Explore the limitations of vulnerability scanners and Software Composition Analysis (SCA) tools in this eye-opening 49-minute conference talk from BSidesLV. Delve into groundbreaking benchmark research and root cause analysis that evaluates leading commercial and open-source security tools. Discover the main causes of scanner misidentifications, including blindspots created by common build and deployment practices. Learn about thousands of hidden vulnerabilities identified in real-world applications, many of which are known to be exploited in the wild. Gain insights into the significant gap in the effectiveness of these tools and understand the need for objective evaluation criteria. Walk away with a deeper understanding of the limitations of vulnerability scanners and SCA tools, as well as the importance of adopting more holistic approaches to software security. Presented by Yotam Perkal and Ofri Ouzan, this talk challenges conventional wisdom and provides valuable knowledge for anyone involved in software development and security.