SlideShare uma empresa Scribd logo

The State of Open Source Vulnerabilities Management

S
SBWebinars

The number of open source vulnerabilities hit an all-time record in 2017 with 3,500 reported vulnerabilities - that's 60% higher than the previous year, and the trend continues in 2018. Since it’s impossible to keep up with today’s pace of software production without open source, development and security teams are challenged to meet security objectives, without compromising on speed and quality. It's time to for organizations to step up their open source security game. Join WhiteSource's Senior Director of Product Management, Rami Elron, as he discusses: the current state of open source vulnerabilities management; organizations' struggle to handle open source vulnerabilities; and the key strategy for effective vulnerability management.

Tecnologia
1 de 23
Baixar para ler offline
THE STATE OF OPEN SOURCE VULNERABILITIES MANAGEMENT Presented by: Rami Elron, Senior Director of Product Management at WhiteSource
Key Findings: 1 Reported open source security vulnerabilities are on the rise. 2 The absence of standard practices and developer- focused tools lead to inefficient handling of open source vulnerabilities. 3 Prioritization is crucial to ensure companies address the most critical vulnerabilities on time. 4 Prioritization based on usage analysis can reduce security alerts by 70% to 85%.
OPEN SOURCE SECURITY VULNERABILITIES ARE ON THE RISE 1
The number of disclosed open source vulnerabilities rose by over 50% in 2017 NUMBER OF REPORTED OPEN SOURCE VULNERABILITIES ROSE BY 51.2% IN 2017
FREQUENCY OF USE OF OPEN SOURCE COMPONENTS of developers rely on open source components 96.8%
of all open source projects are vulnerable, but when it comes to the most popular open source projects… 7.5%
But, it's not all bad. The rise in awareness also led to a sharp rise in suggested fixes… of all reported vulnerabilities have at least one suggested fix in the open source community 97.4%
Information about vulnerabilities is scattered across hundreds of resources, usually poorly indexed and therefore unsearchable OF REPORTED OPEN SOURCE VULNERABILITIES APPEAR IN THE CVE DATABASE 86% OVER
DEVELOPERS ARE NOT EFFICIENTLY MANAGING OPEN SOURCE VULNERABILITIES 2
Developers rated security vulnerabilities as the #1 challenge when using open source components TOP CHALLENGES IN USING OPEN SOURCE COMPONENTS
Developers spend 15 hours each month dealing with open source vulnerabilities (e.g. reviewing, discussing, addressing, remediating, etc.) The cost is even higher, considering that the more experienced developers are the ones remediating HOURS SPENT ON OPEN SOURCE VULNERABILITIES PER DEVELOPERS' EXPERIENCE
WHAT DO YOU DO WHEN A VULNERABILITY IS FOUND? 1.0% 34.1% 13.3% 18.7% 33.0% Out of the monthly 15 hours only 3.8 hours are invested in remediation. The lack of set practices and tools can explain these inefficiencies.
PRIORITIZATION IS KEY TO OPEN SOURCE VULNERABILITY MANAGEMENT 3
Perfect security is impossible. Zero risk is impossible. We must bring prioritization of application vulnerabilities to DevSecOps. In a futile attempt to remove all possible vulnerabilities from applications, we are slowing developers down and wasting their time chasing issues that aren’t real. 10 Things to Get Right for Successful DevSecOps Neil MacDonald, Gartner
25.2% 11.6% 15.1% 17.3% Survey results show that developers prioritize remediation of vulnerabilities based on available information, not necessarily on the impact of a vulnerability on the security of an application. 14.7% 16.2%
Security teams analyze and prioritize vulnerabilities Sending emails or opening issues/tickets Closing the loop on resolution is hard The Common Way of Handling Security Vulnerabilities
Bridging the Gap is a Must Security DevOps Developers
WhiteSource Software Confidential ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Reported Vulnerabilities Can you really handle all of them? Which ones constitute a real risk? Which ones should be addressed first? Effective Vulnerabilities Less to deal with. Much less.vs. The Secret to Prioritization: Reported Vulnerabilities are not Necessarily EFFECTIVE Focusing on Effective Vulnerabilities Could Enable: Better development efficiency Better development effectiveness Better security
A new approach to prioritizing vulnerabilities - based their impact on an application’s security EFFECTIVE VULNERABILITY If the proprietary code is making calls to the vulnerable functionality INEFFECTIVE VULNERABILITY If the proprietary code is NOT making calls to the vulnerable functionality EFFECTIVE VS INEFFECTIVE VULNERABILITIES IN A COMPONENT
After testing 2,000 Java applications, WhiteSource found that 72% of all detected vulnerabilities were deemed ineffective. Based on the data collected in our survey, this can be translated to saving 10.5 hours per month per each developer (70% of 15 monthly hours).
EFFECTIVE USAGE ANALYSIS 4
Effective Usage Analysis is the technology of prioritizing open source vulnerabilities based on the way they are used by the application. Our beta testing on 25 commercial applications from 12 organizations showed that: analyzed projects were found to be vulnerable of the vulnerabilities (effective and ineffective) were found in transitive dependencies of all vulnerability alerts were found to be ineffective of all analyzed projects were found to contain only ineffective vulnerabilities ALL 90% 86% 64%
Q&A

Recomendados

OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101
OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101
OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101FINOS
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementWhiteSource
 
Taking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelTaking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelSBWebinars
 
The State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource WebinarThe State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource WebinarWhiteSource
 
Tackling the Risks of Open Source Security: 5 Things You Need to Know
Tackling the Risks of Open Source Security: 5 Things You Need to KnowTackling the Risks of Open Source Security: 5 Things You Need to Know
Tackling the Risks of Open Source Security: 5 Things You Need to KnowWhiteSource
 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...WhiteSource
 
Supply Chain Solutions for Modern Software Development
Supply Chain Solutions for Modern Software DevelopmentSupply Chain Solutions for Modern Software Development
Supply Chain Solutions for Modern Software DevelopmentSonatype
 
Information Security Incidents Survey in Russia
Information Security Incidents Survey in RussiaInformation Security Incidents Survey in Russia
Information Security Incidents Survey in RussiaPositive Hack Days
 

Recomendados

OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101
OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101
OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101FINOS
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementWhiteSource
 
Taking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelTaking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelSBWebinars
 
The State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource WebinarThe State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource WebinarWhiteSource
 
Tackling the Risks of Open Source Security: 5 Things You Need to Know
Tackling the Risks of Open Source Security: 5 Things You Need to KnowTackling the Risks of Open Source Security: 5 Things You Need to Know
Tackling the Risks of Open Source Security: 5 Things You Need to KnowWhiteSource
 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...WhiteSource
 
Supply Chain Solutions for Modern Software Development
Supply Chain Solutions for Modern Software DevelopmentSupply Chain Solutions for Modern Software Development
Supply Chain Solutions for Modern Software DevelopmentSonatype
 
Information Security Incidents Survey in Russia
Information Security Incidents Survey in RussiaInformation Security Incidents Survey in Russia
Information Security Incidents Survey in RussiaPositive Hack Days
 
Webinar: Systems Failures Fuel Security-Focused Design Practices
Webinar: Systems Failures Fuel Security-Focused Design PracticesWebinar: Systems Failures Fuel Security-Focused Design Practices
Webinar: Systems Failures Fuel Security-Focused Design PracticesSynopsys Software Integrity Group
 
One login enemy at the gates
One login enemy at the gatesOne login enemy at the gates
One login enemy at the gatesEoin Keary
 
Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementSonatype
 
Why happier developers create more secure code
Why happier developers create more secure codeWhy happier developers create more secure code
Why happier developers create more secure codeDJ Schleen
 
Increasing DevSecOps Maturity Level in 2021
Increasing DevSecOps Maturity Level in 2021Increasing DevSecOps Maturity Level in 2021
Increasing DevSecOps Maturity Level in 2021Alexandre Rebert
 
Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...Ann Marie Neufelder
 
Risks in the Software Supply Chain
Risks in the Software Supply ChainRisks in the Software Supply Chain
Risks in the Software Supply ChainMark Sherman
 
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn'tInfographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn'tSonatype
 
5 things about os sharon webinar final
5 things about os sharon webinar final5 things about os sharon webinar final
5 things about os sharon webinar finalDevOps.com
 
Need Of security in DevOps
Need Of security in DevOpsNeed Of security in DevOps
Need Of security in DevOpsManasi Mali
 
Applying Software Quality Models to Software Security
Applying Software Quality Models to Software SecurityApplying Software Quality Models to Software Security
Applying Software Quality Models to Software SecurityCAST
 
Deep Dive into Container Security
Deep Dive into Container SecurityDeep Dive into Container Security
Deep Dive into Container SecurityWhiteSource
 
Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!DevOps.com
 
Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software Survey Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software SurveySonatype
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Sonatype
 
Stu r35 a
Stu r35 aStu r35 a
Stu r35 aSelectedPresentations
 
Inauguration lecture Martin Pinzger, University of Klagenfurt, Austria
Inauguration lecture Martin Pinzger, University of Klagenfurt, AustriaInauguration lecture Martin Pinzger, University of Klagenfurt, Austria
Inauguration lecture Martin Pinzger, University of Klagenfurt, AustriaMartin Pinzger
 
Continuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachContinuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachSonatype
 
Strengthening cyber resilience with Software Supply Chain Visibility
Strengthening cyber resilience with Software Supply Chain VisibilityStrengthening cyber resilience with Software Supply Chain Visibility
Strengthening cyber resilience with Software Supply Chain VisibilitySonatype
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - PrintAndrew Kanikuru
 
Taking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelTaking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelWhiteSource
 
7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to Adversaries7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to AdversariesDerek E. Weeks
 

Mais conteúdo relacionado

Mais procurados

Webinar: Systems Failures Fuel Security-Focused Design Practices
Webinar: Systems Failures Fuel Security-Focused Design PracticesWebinar: Systems Failures Fuel Security-Focused Design Practices
Webinar: Systems Failures Fuel Security-Focused Design PracticesSynopsys Software Integrity Group
 
One login enemy at the gates
One login enemy at the gatesOne login enemy at the gates
One login enemy at the gatesEoin Keary
 
Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementSonatype
 
Why happier developers create more secure code
Why happier developers create more secure codeWhy happier developers create more secure code
Why happier developers create more secure codeDJ Schleen
 
Increasing DevSecOps Maturity Level in 2021
Increasing DevSecOps Maturity Level in 2021Increasing DevSecOps Maturity Level in 2021
Increasing DevSecOps Maturity Level in 2021Alexandre Rebert
 
Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...Ann Marie Neufelder
 
Risks in the Software Supply Chain
Risks in the Software Supply ChainRisks in the Software Supply Chain
Risks in the Software Supply ChainMark Sherman
 
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn'tInfographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn'tSonatype
 
5 things about os sharon webinar final
5 things about os sharon webinar final5 things about os sharon webinar final
5 things about os sharon webinar finalDevOps.com
 
Need Of security in DevOps
Need Of security in DevOpsNeed Of security in DevOps
Need Of security in DevOpsManasi Mali
 
Applying Software Quality Models to Software Security
Applying Software Quality Models to Software SecurityApplying Software Quality Models to Software Security
Applying Software Quality Models to Software SecurityCAST
 
Deep Dive into Container Security
Deep Dive into Container SecurityDeep Dive into Container Security
Deep Dive into Container SecurityWhiteSource
 
Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!DevOps.com
 
Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software Survey Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software SurveySonatype
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Sonatype
 
Inauguration lecture Martin Pinzger, University of Klagenfurt, Austria
Inauguration lecture Martin Pinzger, University of Klagenfurt, AustriaInauguration lecture Martin Pinzger, University of Klagenfurt, Austria
Inauguration lecture Martin Pinzger, University of Klagenfurt, AustriaMartin Pinzger
 
Continuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachContinuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachSonatype
 
Strengthening cyber resilience with Software Supply Chain Visibility
Strengthening cyber resilience with Software Supply Chain VisibilityStrengthening cyber resilience with Software Supply Chain Visibility
Strengthening cyber resilience with Software Supply Chain VisibilitySonatype
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - PrintAndrew Kanikuru
 

Mais procurados (20)

Webinar: Systems Failures Fuel Security-Focused Design Practices
Webinar: Systems Failures Fuel Security-Focused Design PracticesWebinar: Systems Failures Fuel Security-Focused Design Practices
Webinar: Systems Failures Fuel Security-Focused Design Practices
 
One login enemy at the gates
One login enemy at the gatesOne login enemy at the gates
One login enemy at the gates
 
Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain Management
 
Why happier developers create more secure code
Why happier developers create more secure codeWhy happier developers create more secure code
Why happier developers create more secure code
 
Increasing DevSecOps Maturity Level in 2021
Increasing DevSecOps Maturity Level in 2021Increasing DevSecOps Maturity Level in 2021
Increasing DevSecOps Maturity Level in 2021
 
Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...
 
Risks in the Software Supply Chain
Risks in the Software Supply ChainRisks in the Software Supply Chain
Risks in the Software Supply Chain
 
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn'tInfographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
 
5 things about os sharon webinar final
5 things about os sharon webinar final5 things about os sharon webinar final
5 things about os sharon webinar final
 
Need Of security in DevOps
Need Of security in DevOpsNeed Of security in DevOps
Need Of security in DevOps
 
Applying Software Quality Models to Software Security
Applying Software Quality Models to Software SecurityApplying Software Quality Models to Software Security
Applying Software Quality Models to Software Security
 
Deep Dive into Container Security
Deep Dive into Container SecurityDeep Dive into Container Security
Deep Dive into Container Security
 
Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!
 
Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software Survey Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software Survey
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...
 
Stu r35 a
Stu r35 aStu r35 a
Stu r35 a
 
Inauguration lecture Martin Pinzger, University of Klagenfurt, Austria
Inauguration lecture Martin Pinzger, University of Klagenfurt, AustriaInauguration lecture Martin Pinzger, University of Klagenfurt, Austria
Inauguration lecture Martin Pinzger, University of Klagenfurt, Austria
 
Continuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachContinuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain Approach
 
Strengthening cyber resilience with Software Supply Chain Visibility
Strengthening cyber resilience with Software Supply Chain VisibilityStrengthening cyber resilience with Software Supply Chain Visibility
Strengthening cyber resilience with Software Supply Chain Visibility
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - Print
 

Semelhante a The State of Open Source Vulnerabilities Management

Taking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelTaking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelWhiteSource
 
7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to Adversaries7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to AdversariesDerek E. Weeks
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...WhiteSource
 
Amy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOpsAmy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOpsSeniorStoryteller
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityTyler Shields
 
How do YOU compare to others in Mobile DevOps Performance, Productivity, and ...
How do YOU compare to others in Mobile DevOps Performance, Productivity, and ...How do YOU compare to others in Mobile DevOps Performance, Productivity, and ...
How do YOU compare to others in Mobile DevOps Performance, Productivity, and ...AnnaBtki
 
We are excited to announce that our new State of Software Security (SOSS) rep...
We are excited to announce that our new State of Software Security (SOSS) rep...We are excited to announce that our new State of Software Security (SOSS) rep...
We are excited to announce that our new State of Software Security (SOSS) rep...Ampliz
 
The State of Software Security 2022 SOSS - Solution
The State of Software Security 2022 SOSS - SolutionThe State of Software Security 2022 SOSS - Solution
The State of Software Security 2022 SOSS - SolutionNeelKamalSingh8
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOpsBlack Duck by Synopsys
 
Software Security Assurance for Devops
Software Security Assurance for DevopsSoftware Security Assurance for Devops
Software Security Assurance for DevopsJerika Phelps
 
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps WhiteSource
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsSonatype
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicIBM Security
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour... The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...WhiteSource
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseLumension
 
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?Sonatype
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
 
The Illusion of Control: Seven Deadly Wastes in Your Devops Practice
The Illusion of Control: Seven Deadly Wastes in Your Devops PracticeThe Illusion of Control: Seven Deadly Wastes in Your Devops Practice
The Illusion of Control: Seven Deadly Wastes in Your Devops Practicematthewabq
 
Veracode State of Software Security vol 4
Veracode State of Software Security vol 4Veracode State of Software Security vol 4
Veracode State of Software Security vol 4stemkat
 

Semelhante a The State of Open Source Vulnerabilities Management (20)

Taking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelTaking Open Source Security to the Next Level
Taking Open Source Security to the Next Level
 
7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to Adversaries7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to Adversaries
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
 
Amy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOpsAmy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOps
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software Security
 
How do YOU compare to others in Mobile DevOps Performance, Productivity, and ...
How do YOU compare to others in Mobile DevOps Performance, Productivity, and ...How do YOU compare to others in Mobile DevOps Performance, Productivity, and ...
How do YOU compare to others in Mobile DevOps Performance, Productivity, and ...
 
Aliens in Your Apps!
Aliens in Your Apps!Aliens in Your Apps!
Aliens in Your Apps!
 
We are excited to announce that our new State of Software Security (SOSS) rep...
We are excited to announce that our new State of Software Security (SOSS) rep...We are excited to announce that our new State of Software Security (SOSS) rep...
We are excited to announce that our new State of Software Security (SOSS) rep...
 
The State of Software Security 2022 SOSS - Solution
The State of Software Security 2022 SOSS - SolutionThe State of Software Security 2022 SOSS - Solution
The State of Software Security 2022 SOSS - Solution
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOps
 
Software Security Assurance for Devops
Software Security Assurance for DevopsSoftware Security Assurance for Devops
Software Security Assurance for Devops
 
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographic
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour... The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of Defense
 
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization
 
The Illusion of Control: Seven Deadly Wastes in Your Devops Practice
The Illusion of Control: Seven Deadly Wastes in Your Devops PracticeThe Illusion of Control: Seven Deadly Wastes in Your Devops Practice
The Illusion of Control: Seven Deadly Wastes in Your Devops Practice
 
Veracode State of Software Security vol 4
Veracode State of Software Security vol 4Veracode State of Software Security vol 4
Veracode State of Software Security vol 4
 

Mais de SBWebinars

Securing Mobile Apps, From the Inside Out
Securing Mobile Apps, From the Inside OutSecuring Mobile Apps, From the Inside Out
Securing Mobile Apps, From the Inside OutSBWebinars
 
SAP Concur’s Cloud Journey
SAP Concur’s Cloud JourneySAP Concur’s Cloud Journey
SAP Concur’s Cloud JourneySBWebinars
 
Top Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemTop Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemSBWebinars
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSBWebinars
 
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...SBWebinars
 
The Next Generation of Application Security
The Next Generation of Application SecurityThe Next Generation of Application Security
The Next Generation of Application SecuritySBWebinars
 
You're Bleeding. Exposing the Attack Surface in your Supply Chain
You're Bleeding. Exposing the Attack Surface in your Supply ChainYou're Bleeding. Exposing the Attack Surface in your Supply Chain
You're Bleeding. Exposing the Attack Surface in your Supply ChainSBWebinars
 
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
Demystifying PCI Software Security Framework: All You Need to Know for Your A...Demystifying PCI Software Security Framework: All You Need to Know for Your A...
Demystifying PCI Software Security Framework: All You Need to Know for Your A...SBWebinars
 
Top 10 Threats to Cloud Security
Top 10 Threats to Cloud SecurityTop 10 Threats to Cloud Security
Top 10 Threats to Cloud SecuritySBWebinars
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresSBWebinars
 
Reduce the Burden Of Managing SAP With Enterprise Identity Management
Reduce the Burden Of Managing SAP With Enterprise Identity ManagementReduce the Burden Of Managing SAP With Enterprise Identity Management
Reduce the Burden Of Managing SAP With Enterprise Identity ManagementSBWebinars
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactSBWebinars
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsSBWebinars
 
Reducing Risk of Credential Compromise at Netflix
Reducing Risk of Credential Compromise at NetflixReducing Risk of Credential Compromise at Netflix
Reducing Risk of Credential Compromise at NetflixSBWebinars
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...SBWebinars
 
Flow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need ThemFlow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need ThemSBWebinars
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsSBWebinars
 
Building Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouBuilding Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouSBWebinars
 
Take a Bite Out of the Remediation Backlog
Take a Bite Out of the Remediation BacklogTake a Bite Out of the Remediation Backlog
Take a Bite Out of the Remediation BacklogSBWebinars
 
The Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance AuditThe Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance AuditSBWebinars
 

Mais de SBWebinars (20)

Securing Mobile Apps, From the Inside Out
Securing Mobile Apps, From the Inside OutSecuring Mobile Apps, From the Inside Out
Securing Mobile Apps, From the Inside Out
 
SAP Concur’s Cloud Journey
SAP Concur’s Cloud JourneySAP Concur’s Cloud Journey
SAP Concur’s Cloud Journey
 
Top Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemTop Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against Them
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and Right
 
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
 
The Next Generation of Application Security
The Next Generation of Application SecurityThe Next Generation of Application Security
The Next Generation of Application Security
 
You're Bleeding. Exposing the Attack Surface in your Supply Chain
You're Bleeding. Exposing the Attack Surface in your Supply ChainYou're Bleeding. Exposing the Attack Surface in your Supply Chain
You're Bleeding. Exposing the Attack Surface in your Supply Chain
 
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
Demystifying PCI Software Security Framework: All You Need to Know for Your A...Demystifying PCI Software Security Framework: All You Need to Know for Your A...
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
 
Top 10 Threats to Cloud Security
Top 10 Threats to Cloud SecurityTop 10 Threats to Cloud Security
Top 10 Threats to Cloud Security
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving Infrastructures
 
Reduce the Burden Of Managing SAP With Enterprise Identity Management
Reduce the Burden Of Managing SAP With Enterprise Identity ManagementReduce the Burden Of Managing SAP With Enterprise Identity Management
Reduce the Burden Of Managing SAP With Enterprise Identity Management
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
 
Reducing Risk of Credential Compromise at Netflix
Reducing Risk of Credential Compromise at NetflixReducing Risk of Credential Compromise at Netflix
Reducing Risk of Credential Compromise at Netflix
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
 
Flow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need ThemFlow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need Them
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
 
Building Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouBuilding Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for You
 
Take a Bite Out of the Remediation Backlog
Take a Bite Out of the Remediation BacklogTake a Bite Out of the Remediation Backlog
Take a Bite Out of the Remediation Backlog
 
The Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance AuditThe Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance Audit
 

Último

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Último (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

The State of Open Source Vulnerabilities Management

  • 1. THE STATE OF OPEN SOURCE VULNERABILITIES MANAGEMENT Presented by: Rami Elron, Senior Director of Product Management at WhiteSource
  • 2. Key Findings: 1 Reported open source security vulnerabilities are on the rise. 2 The absence of standard practices and developer- focused tools lead to inefficient handling of open source vulnerabilities. 3 Prioritization is crucial to ensure companies address the most critical vulnerabilities on time. 4 Prioritization based on usage analysis can reduce security alerts by 70% to 85%.
  • 4. The number of disclosed open source vulnerabilities rose by over 50% in 2017 NUMBER OF REPORTED OPEN SOURCE VULNERABILITIES ROSE BY 51.2% IN 2017
  • 5. FREQUENCY OF USE OF OPEN SOURCE COMPONENTS of developers rely on open source components 96.8%
  • 6. of all open source projects are vulnerable, but when it comes to the most popular open source projects… 7.5%
  • 7. But, it's not all bad. The rise in awareness also led to a sharp rise in suggested fixes… of all reported vulnerabilities have at least one suggested fix in the open source community 97.4%
  • 8. Information about vulnerabilities is scattered across hundreds of resources, usually poorly indexed and therefore unsearchable OF REPORTED OPEN SOURCE VULNERABILITIES APPEAR IN THE CVE DATABASE 86% OVER
  • 9. DEVELOPERS ARE NOT EFFICIENTLY MANAGING OPEN SOURCE VULNERABILITIES 2
  • 10. Developers rated security vulnerabilities as the #1 challenge when using open source components TOP CHALLENGES IN USING OPEN SOURCE COMPONENTS
  • 11. Developers spend 15 hours each month dealing with open source vulnerabilities (e.g. reviewing, discussing, addressing, remediating, etc.) The cost is even higher, considering that the more experienced developers are the ones remediating HOURS SPENT ON OPEN SOURCE VULNERABILITIES PER DEVELOPERS' EXPERIENCE
  • 12. WHAT DO YOU DO WHEN A VULNERABILITY IS FOUND? 1.0% 34.1% 13.3% 18.7% 33.0% Out of the monthly 15 hours only 3.8 hours are invested in remediation. The lack of set practices and tools can explain these inefficiencies.
  • 13. PRIORITIZATION IS KEY TO OPEN SOURCE VULNERABILITY MANAGEMENT 3
  • 14. Perfect security is impossible. Zero risk is impossible. We must bring prioritization of application vulnerabilities to DevSecOps. In a futile attempt to remove all possible vulnerabilities from applications, we are slowing developers down and wasting their time chasing issues that aren’t real. 10 Things to Get Right for Successful DevSecOps Neil MacDonald, Gartner
  • 15. 25.2% 11.6% 15.1% 17.3% Survey results show that developers prioritize remediation of vulnerabilities based on available information, not necessarily on the impact of a vulnerability on the security of an application. 14.7% 16.2%
  • 16. Security teams analyze and prioritize vulnerabilities Sending emails or opening issues/tickets Closing the loop on resolution is hard The Common Way of Handling Security Vulnerabilities
  • 17. Bridging the Gap is a Must Security DevOps Developers
  • 18. WhiteSource Software Confidential ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Reported Vulnerabilities Can you really handle all of them? Which ones constitute a real risk? Which ones should be addressed first? Effective Vulnerabilities Less to deal with. Much less.vs. The Secret to Prioritization: Reported Vulnerabilities are not Necessarily EFFECTIVE Focusing on Effective Vulnerabilities Could Enable: Better development efficiency Better development effectiveness Better security
  • 19. A new approach to prioritizing vulnerabilities - based their impact on an application’s security EFFECTIVE VULNERABILITY If the proprietary code is making calls to the vulnerable functionality INEFFECTIVE VULNERABILITY If the proprietary code is NOT making calls to the vulnerable functionality EFFECTIVE VS INEFFECTIVE VULNERABILITIES IN A COMPONENT
  • 20. After testing 2,000 Java applications, WhiteSource found that 72% of all detected vulnerabilities were deemed ineffective. Based on the data collected in our survey, this can be translated to saving 10.5 hours per month per each developer (70% of 15 monthly hours).
  • 22. Effective Usage Analysis is the technology of prioritizing open source vulnerabilities based on the way they are used by the application. Our beta testing on 25 commercial applications from 12 organizations showed that: analyzed projects were found to be vulnerable of the vulnerabilities (effective and ineffective) were found in transitive dependencies of all vulnerability alerts were found to be ineffective of all analyzed projects were found to contain only ineffective vulnerabilities ALL 90% 86% 64%
  • 23. Q&A