Managing Vulnerabilities in Open-Source Dependencies

Day 1 | 16:30 | 00:30 | UB4.132 | Eva Sarafianou


In today’s software development landscape, products are often an intricate blend of in-house code and open-source third-party dependencies. While many organizations have robust procedures to secure their own codebase, the strategies to safeguard against vulnerabilities in open-source components are not as well-developed.

In this session, we will navigate the complexities of implementing an effective process to manage vulnerabilities within open-source dependencies. Our discussion will cover key considerations for evaluating software composition analysis tools and detail the steps necessary for a successful tool rollout. We will delve into effective strategies for triaging findings and shifting from a reactive to a proactive security posture.

You will leave the session equipped with a foundational but adaptable process, ready to enhance the security of your products that rely on open-source dependencies.