How Much Open Source Code Is in Your Software? It’s More Than You Think

Presented by

Brittany O'Shea, Product Marketing Manager at Veracode

About this talk

Developers are being asked to push out more software, and in shorter periods of time, than ever before. In turn, they are increasingly relying on open source libraries, which allow them to add functionality to their code without having to build it from scratch. As a result, software today is rarely made entirely of first-party code, and is more often “assembled” from other sources. In fact, our most recent State of Software Security report found that a typical Java application is made up of 97 percent open source code.

And that open source code is leaving organizations vulnerable to cyberattacks. Our State of Software Security: Open Source Edition report found that 70 percent of applications have a security flaw in an open source library. However, simply using open source libraries isn’t a security threat to the business. The real problem is not knowing that what you’re using contains vulnerabilities and that they’re exploitable in your application.

Software composition analysis solutions can help, but many are coming up short. The main challenges with current solutions are that they are based on the NVD database, which is frequently not up to date, they are hard to manage and scale, and developers are not empowered to fix security issues.

Join this session to find out:

• Trends in open source library use
• Best practices in software composition analysis
• How to continue using open source libraries without getting bogged down with security tests
Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Prompted by powerful AI trained by trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means. Learn more at www.veracode.com