The Devils in the Dependency - Data Driven Software Composition Analysis

Dive into a comprehensive analysis of open source library usage and vulnerabilities in software development during this 38-minute Black Hat conference talk. Explore data from over 85,000 applications and 500,000+ open source libraries, uncovering insights on dependency cascades, proof-of-concept exploits, and the impact of even small, popular libraries on application security. Examine language-specific trends, vulnerability patterns, and the implications of transitive dependencies. Learn about the OWASP Top Ten categories, exploit availability, and the vulnerability funnel. Gain valuable takeaways on managing library dependencies, understanding security risks, and making informed decisions about language choices and library updates in your software development process.