Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities

Explore a pragmatic approach to identifying and eliminating open-source vulnerabilities in Netflix applications at scale in this 51-minute Black Hat conference talk. Delve into the growing adoption of open-source components in modern web applications, examining potential risks and mitigation strategies. Learn about various attack vectors such as typo squatting, package masking, and ownership transfer. Discover Netflix's microservice architecture and design principles for effective vulnerability management. Gain insights into building an open-source vulnerability database, vulnerability triage, and risk assessment strategies. Understand the challenges of dependency updates and explore solutions like selective resolutions and security change campaigns. Examine methods for detecting vulnerable method use and implementing better remediation techniques, including the use of Slack bots. Conclude with a discussion on organizational metrics and key takeaways for managing open-source software vulnerabilities effectively.