Explore the complexities of vulnerability management in third-party software through this 46-minute OWASP Foundation conference talk. Delve into the world of Software Composition Analysis (SCA) tools and Software Bill of Materials (SBOMs), examining their effectiveness in addressing security concerns like Log4Shell and supply chain attacks. Gain insights from the perspective of a FOSS security library provider on the challenges and potential improvements in the vulnerability management process. Learn how AppSec engineers and developers can streamline and enhance their approach to identifying and mitigating security risks in third-party dependencies. Benefit from the speaker's extensive experience in application security, applied cryptography, and web AppSec as you navigate the intricate landscape of false positives and negatives in vulnerability analysis.
From SBOMs to F-Bombs: Vulnerability Analysis, SCA Tools, and False Positives and Negatives
Overview
Syllabus
From SBOMs to F-Bombs: Vulnerability Analysis, SCA Tools, and False Positives & Negatives
Taught by
OWASP Foundation
Related Courses
-
Large-Scale Software Composition Analysis: Uncovering Vulnerable Dependencies in 600 Apps
-
Dependency-Track: Intelligent Software Composition Analysis Platform
-
OWASP Flagship Projects - OWASP Dependency-Check
-
Narrow - SCA Reachability Analysis Without The Effort
-
Beyond the Code - SBOM and Supply Chain Security
-
Prioritisation of SCA Findings in Software Dependencies Using Static Reachability Analysis
