The Life and Times of Open Source Libraries

Presented by

Tom Smith / Sr Solution Architect

About this talk

Software today is rarely completely made of first-party code, and is more often “assembled” from other sources. This reusable code and functionality that developers have become more reliant on also comes with reusable vulnerabilities, and this open-source foundation most apps are now built upon is not like a solid, cement house foundation, but more like a shifting pile of gravel and sand. These libraries are in a constant state of flux, including their security status. Join this talk to get the data and analysis of our latest State of Software Security report, we analysed over 301,000 open-source libraries. Join this session to learn: - The most popular vulnerable libraries - How developers choose libraries for their applications - How often open-source libraries are updated, and why that matters - What is holding developers back from addressing security vulnerabilities in open-source code - The scope of the fixes required to address vulnerabilities in open-source code - Best practices for managing open-source libraries

Related topics:

About this channel

Veracode
Upcoming talks (3)
On-demand talks (317)
Subscribers (28456)
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.