OWASP Chapter Meeting / January

ALIENS IN YOUR APPS! ARE YOU USING COMPONENTS WITH KNOWN VULNERABILITIES?

We all know that Open Source brings speed, innovation, cost savings and more to our development efforts. It also brings risk. Bash, Heartbleed, Struts – anyone? Thus the OWASP A9 guideline – Don’t Use Components with Known Vulnerabilities. Join this session to hear the latest research on the most risky open source component types – the alien invaders hiding in your software. Explore the technical realities of why is has been so hard to fully erradicate vulnerable open source components. And learn best practices to manage your risk based on the 11,000 people who shared their experiences in the 4 year industry–wide study on open source development and application security. Among the surprising results…

• 1-in-3 organizations had or suspected an open source breach in the last 12 months

• Only 16% of participants must prove they are not using components with known vulnerabilities

• 64% don’t track changes in open source vulnerability data

Join Brian for what is sure to be an engaging and insightful assessment of these trends with practical approaches to solving the problem today.

Food & Drink provided by our event sponsor: Secure Decisions

Presenter:

Brian Fox is VP of Product Management at Sonatype, with extensive open source experience as a member of the Apache Software Foundation for the past 7 years and former Chair of the Apache Maven project. Brian has provided significant development contributions to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin. He has over 15 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian holds a Bachelor of Science degree in Computer Science from Daniel Webster College.