Overview
Explore the complexities of software composition risk in this informative conference talk by Chris Lindsey from Mend.io. Gain insights into the multifaceted nature of risk, encompassing zero-day vulnerabilities, licensing issues, malicious packages, data loss, and more. Discover why relying solely on CVSS scores is insufficient for proper risk assessment. Learn strategies to reduce and mitigate risks through proactive processes and workflows. Understand how to properly handle open source software and address the challenges posed by developers' "build it and forget it" mentality. Acquire the knowledge to determine real risk, build effective mitigation plans, and implement immediate steps to enhance software security from day one.
Syllabus
Sponsored Session: Software Composition Risk - Determine Actual Risk and Take Action - Chris Lindsey
Taught by
Linux Foundation