Overview
Explore the security implications of incorporating open-source components into closed-source applications in this 41-minute conference talk from Recon 2017 Brussels. Delve into the examination of Adobe Reader's XSLT engine, based on the open-source Sablotron project, to understand potential vulnerabilities. Learn techniques for auditing source code and matching source-to-binary to identify vulnerable conditions. Discover real-world examples of code execution vulnerabilities in Adobe Reader's codebase. Gain insights from industry experts Brian Gorenc, Jasiel Spelman, and Abdul-Aziz Hariri as they discuss trends in vulnerabilities found in Adobe Reader's XSLT engine over the past year and highlight the importance of understanding security side effects when leveraging open-source components in proprietary systems.
Syllabus
Recon 2017 Brussels - Transforming Open Source to Open Access in Closed Applications
Taught by
Recon Conference