Open Source Vulnerabilities in Software Development - Am I really exposed?
Details
Vulnerabilities in Open Source libraries are found and published. Many tools are available to scan your project for the libraries in your build, their exact versions and whether these have a known vulnerability. But that doesn't mean that your application is vulnerable. Find out what the latest insights are in OSA exposure assessment.
You don't want to waste energy on replacing or reengineering a vulnerable library if you are not exposed.
- How can you assess if you are exposed?
- Besides replacing or upgrading a library, how else can you neutralise a vulnerability?
In this webinar, Jason Hammond of WhiteSource and Frans van Buul of Fortify will talk about software composition analysis (SCA) and the challenge of knowing whether you are exposed to the vulnerabilities in the libraries you are using.
Agenda:
15:00 Introduction - Sander Kruger
15:05 SCA, rich vulnerability intelligence and prioritization - Jason Hammond
15:25 SAST and SCA integration - Frans van Buul
15:45 Wrap up and Q&A
Speaker biographies:
Jason Hammond - WhiteSource
Jason Hammond is the Director of Solution Engineering, responsible for the technical enablement and support of WhiteSource’s network of integration and go-to-market partners and their partners. He has over 20 years of experience working in a variety of technical roles across the field of Information and Network Security, Audit, and compliance. Jason is passionate about enabling businesses to adopt and expand the use of open source software in a secure, compliant, and scalable way.
Frans van Buul - Micro Focus
Frans van Buul is Practice Lead for the Fortify application security portfolio. Based out of the Netherlands, he covers the EMEA and LATAM regions. Before joining Fortify in 2014, Frans worked as a Java developer/architect for various software companies, and as a security auditor for PwC. In his current role, Frans uses this combined software development and security background to help Micro Focus’ customers address their application security challenges.
