Overview
Explore the critical aspects of open source software (OSS) security in this 52-minute Black Hat conference talk. Delve into the rising use of OSS and the risks it carries for companies, examining the real costs and liabilities of incorporating third-party code. Learn how to track and understand your exposure to vulnerabilities, even in mature enterprise environments. Discover strategies for managing OSS within your organization's Product Development Lifecycle, separating hype from genuine risk. Evaluate the factors that determine whether to use a specific product or library, including Vulnerability Metrics and Time to Patch analysis. Gain insights from real-world examples and case studies, including the impact of a single third-party library vulnerability across multiple products. Explore how lessons from incident response can inform smarter product development. Examine a customized OSS Maturity Model and understand the stages of maturity for organizations that develop software with OSS. Equip yourself with practical knowledge to prioritize and internalize OSS-related risk in your software development process.
Syllabus
OSS Security Maturity: Time to Put on Your Big Boy Pants!
Taught by
Black Hat