What's in your software? Reduce risk from third-party and open source components.

  • Tuesday, 18 Nov 2014 11:00AM EDT (18 Nov 2014 16:00 UTC)
  • Speakers: Adrian Lane, Phil Neray

In order to meet the demands of agile development and to accelerate the delivery of applications, it has become best practice for developers to integrate third-party and open source components into their home-grown applications. However, many widely downloaded components contain critical vulnerabilities, which can lead to serious exploits such as DoS attacks and remote code execution. The task of identifying and updating publicly-known vulnerabilities can be daunting for most development organizations - leaving countless web and mobile applications vulnerable, even after a threat is discovered. Join Adrian Lane, Analyst & CTO of Securosis and Goran Begic, Product Manager at Veracode as they discuss how software composition analysis addresses this challenge by providing automated governance to manage third-party and open source components.

In this technical webinar, you'll learn:

  • Why agile, component-based development has become the norm
  • Why the OWASP Top 10, PCI & FS-ISAC require controls to ensure components with known vulnerabilities are not being used
  • Why tracking and updating vulnerable components is such a daunting task
  • How to quickly identify all applications in your portfolio that use vulnerable components
  • How to simplify automated governance with a single cloud-based platform for SAST, DAST, behavioral analysis and software composition analysis - across web, mobile and third-party applications