


This webcast has been archived; the recording can be viewed through a SANS Portal Account. The slides for this webcast are not available for download.

What's in your software? Reduce risk from third-party and open source components.

  • Tuesday, November 18, 2014 at 11:00 AM EDT (2014-11-18 16:00:00 UTC)
  • Speakers: Phil Neray, Adrian Lane
  • Sponsor: Veracode




In order to meet the demands of agile development and to accelerate the delivery of applications, it has become best practice for developers to integrate third-party and open source components into their home-grown applications. However, many widely downloaded components contain critical vulnerabilities, which can lead to serious exploits such as DoS attacks and remote code execution. The task of identifying and updating publicly known vulnerable components can be daunting for most development organizations, leaving countless web and mobile applications vulnerable even after a threat is discovered. Join Adrian Lane, Analyst & CTO of Securosis, and Goran Begic, Product Manager at Veracode, as they discuss how software composition analysis addresses this challenge by providing automated governance to manage third-party and open source components.

In this technical webinar, you'll learn:

  • Why agile, component-based development has become the norm
  • Why the OWASP Top 10, PCI & FS-ISAC require controls to ensure components with known vulnerabilities are not being used
  • Why tracking and updating vulnerable components is such a daunting task
  • How to quickly identify all applications in your portfolio that use vulnerable components
  • How to simplify automated governance with a single cloud-based platform for SAST, DAST, behavioral analysis and software composition analysis - across web, mobile and third-party applications
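The core of the software composition analysis described above is mechanical: inventory each application's declared components, compare the versions against an advisory feed, and report which applications carry a known-vulnerable component and what version fixes it. The following is an added illustration of that workflow, not code from the webcast, SANS or Veracode. The advisory feed, advisory identifiers, component names and per-application manifests are all constructed for the example; the manifests use a pip-style `name==version` line format as an assumption about how components are declared.

```python
"""Minimal software-composition-analysis (SCA) check across an application portfolio.

Constructed example: the advisory feed and manifests below are invented for
illustration and do not refer to real components or real advisories.
"""
import re
from typing import Dict, List, Tuple

# Constructed advisory feed (hypothetical identifiers, not real CVE data):
# component -> list of (first vulnerable version, first fixed version, advisory id).
# A version is affected when first_vulnerable <= version < first_fixed.
ADVISORIES: Dict[str, List[Tuple[str, str, str]]] = {
    "examplelib": [("1.0.0", "1.4.2", "EXAMPLE-ADV-0001")],
    "webparser": [
        ("0.0.0", "2.1.0", "EXAMPLE-ADV-0002"),
        ("3.0.0", "3.0.5", "EXAMPLE-ADV-0003"),
    ],
}

# Constructed per-application manifests (pip-style "name==version" lines).
PORTFOLIO: Dict[str, str] = {
    "billing-api": "examplelib==1.2.0\nwebparser==2.3.1\n",
    "mobile-backend": "examplelib==1.4.2\nwebparser==3.0.2\n# pinned after last review\n",
    "intranet-portal": "webparser==1.9.0\n",
    "reporting": "otherlib==5.0.0\n",
}

Finding = Tuple[str, str, str, str]  # (component, version in use, advisory id, fixed version)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into a tuple so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse 'name==version' lines; blank lines and '#' comments are ignored.

    Unparseable lines raise rather than being skipped, because a silently
    skipped dependency is an inventory gap the rest of the check cannot see.
    """
    deps: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = re.fullmatch(r"([A-Za-z0-9_.-]+)==(\d+(?:\.\d+)*)", line)
        if not match:
            raise ValueError(f"unparseable requirement: {line!r}")
        deps[match.group(1).lower()] = match.group(2)
    return deps


def vulnerable_findings(deps: Dict[str, str]) -> List[Finding]:
    """Match every declared component against the advisory feed."""
    findings: List[Finding] = []
    for name, version in deps.items():
        for first_vulnerable, first_fixed, advisory in ADVISORIES.get(name, []):
            if parse_version(first_vulnerable) <= parse_version(version) < parse_version(first_fixed):
                findings.append((name, version, advisory, first_fixed))
    return findings


def scan_portfolio(portfolio: Dict[str, str]) -> Dict[str, List[Finding]]:
    """Return only the applications that carry at least one vulnerable component."""
    report: Dict[str, List[Finding]] = {}
    for app, manifest in portfolio.items():
        findings = vulnerable_findings(parse_manifest(manifest))
        if findings:
            report[app] = findings
    return report


def apps_using(report: Dict[str, List[Finding]], component: str) -> List[str]:
    """Answer the portfolio question: which applications use a given vulnerable component?"""
    return sorted(
        app for app, findings in report.items()
        if any(name == component for name, _version, _adv, _fixed in findings)
    )


if __name__ == "__main__":
    report = scan_portfolio(PORTFOLIO)
    for app, findings in sorted(report.items()):
        for name, version, advisory, fixed in findings:
            print(f"{app}: {name} {version} affected by {advisory}; upgrade to {fixed} or later")
    print("apps using vulnerable webparser:", apps_using(report, "webparser"))
```

The half-open range check (`first_vulnerable <= version < first_fixed`) is the detail that matters when a new advisory lands: an application pinned exactly at the fixed version is correctly left out of the report, and the fixed version doubles as the upgrade target in the output. A real deployment would replace the constructed `ADVISORIES` table with a maintained vulnerability feed and the `PORTFOLIO` dictionary with manifests pulled from each application's repository or build.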

Speaker Bios

Adrian Lane

Adrian is a Security Strategist and brings over 22 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and software development. With experience at Ingres, Oracle, and Unisys, he has extensive experience in the vendor community, but brings a pragmatic perspective to selecting and deploying technologies having worked on "the other side" as CIO in the finance vertical. Prior to joining Securosis, Adrian served as the CTO/VP at companies such as IPLocks, Touchpoint, CPMi and Transactor/Brodia. He has been invited to present at dozens of security conferences, contributed articles to many major publications, and is easily recognizable by his "network hair" and propensity to wear loud colors. Once you get past his windy rants on data security and incessant coffee consumption, he is quite entertaining.

Adrian is a Computer Science graduate of the University of California at Berkeley with post-graduate work in operating systems at Stanford University. He can be reached at alane (at) securosis (dot) com.

Phil Neray

Phil Neray is Veracode's VP of enterprise security strategy and has been involved with cyber-security for 15+ years. He was previously VP of security strategy and marketing for Guardium, the database security company (acquired by IBM). Phil is certified in cloud security (CCSK), holds a BSEE from McGill University and is a brown belt in American Jiu-Jitsu.
