The Life and Times of Open Source Libraries

Presented by

Tom Smith / Sr Solution Architect

About this talk

Software today is rarely completely made of first-party code, and is more often “assembled” from other sources. This reusable code and functionality that developers have become more reliant on also comes with reusable vulnerabilities, and this open-source foundation most apps are now built upon is not like a solid, cement house foundation, but more like a shifting pile of gravel and sand. These libraries are in a constant state of flux, including their security status. Join this talk to get the data and analysis of our latest State of Software Security report, we analysed over 301,000 open-source libraries. Join this session to learn: - The most popular vulnerable libraries - How developers choose libraries for their applications - How often open-source libraries are updated, and why that matters - What is holding developers back from addressing security vulnerabilities in open-source code - The scope of the fixes required to address vulnerabilities in open-source code - Best practices for managing open-source libraries

Related topics:

More from this channel

Upcoming talks (3)
On-demand talks (391)
Subscribers (31005)
Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Prompted by powerful AI trained by trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means. Learn more at