Can’t attend? Find another session, or watch previous sessions on demand.
SEE ALL EVENTSLearn and network where heritage blends with modern at the Intercontinental Melbourne. Join us for an afternoon in the laneway rooms, with views to a commissioned graffiti mural by The Blender Studios’ street artists.
Learn and network where heritage blends with modern at the Intercontinental Melbourne. Join us for an afternoon in the laneway rooms, with views to a commissioned graffiti mural by The Blender Studios’ street artists.
Edwin Kwan, Tyro Payments
Third party open-source libraries make up the bulk of most modern applications. Leveraging them allows us to build faster by providing functionality which we would otherwise have to write ourselves. However, not all open-source libraries are created equal, and poor third-party management can result in vulnerabilities being introduced into our applications.
In this session, we will look at just how much open source our applications are using and review some common third-party management gaps in most typical AppSec programs. We will also look at several AppSec best practice approaches for better third-party management.
Cameron Townshend, Sonatype
The Log4shell vulnerability found in the Log4j logging framework has been recognised as one of the most critical vulnerabilities ever, open source or otherwise. And, while the dangers of the Log4j vulnerability remain high, even 4 months out, the situation has highlighted an even bigger issue that is plaguing security professionals and developers: if you don’t know what’s in your software supply chain, you’re already behind.
When a flaw is disclosed, companies are instantly thrust into a race against time to fix it before it can be exploited by an attacker, meaning every minute counts. If you don’t know what’s in your software, you’re effectively giving hackers a huge head start.
While this outlook might seem bleak, Cameron will easy steps you can take to significantly mitigate risk.
Edwin Kwan, Tyro Payments
Third party open-source libraries make up the bulk of most modern applications. Leveraging them allows us to build faster by providing functionality which we would otherwise have to write ourselves. However, not all open-source libraries are created equal, and poor third-party management can result in vulnerabilities being introduced into our applications.
In this session, we will look at just how much open source our applications are using and review some common third-party management gaps in most typical AppSec programs. We will also look at several AppSec best practice approaches for better third-party management.
Cameron Townshend, Sonatype
The Log4shell vulnerability found in the Log4j logging framework has been recognised as one of the most critical vulnerabilities ever, open source or otherwise. And, while the dangers of the Log4j vulnerability remain high, even 4 months out, the situation has highlighted an even bigger issue that is plaguing security professionals and developers: if you don’t know what’s in your software supply chain, you’re already behind.
When a flaw is disclosed, companies are instantly thrust into a race against time to fix it before it can be exploited by an attacker, meaning every minute counts. If you don’t know what’s in your software, you’re effectively giving hackers a huge head start.
While this outlook might seem bleak, Cameron will easy steps you can take to significantly mitigate risk.
Learn from organisations at all phases of their journeys as they talk about the rapidly changing roles within DevSecOps and digital transformations.
Senior IT Decision Makers Hear from senior and executive technology leaders who have successfully implemented governance practices within DevOps transformations.
Collaboration & Learning Connect with industry peers to learn together how to bring together software developers and security professionals to remediate open source risk, without slowing down innovation.
Learn from organisations at all phases of their journeys as they talk about the rapidly changing roles within DevSecOps and digital transformations.
Senior IT Decision Makers Hear from senior and executive technology leaders who have successfully implemented governance practices within DevOps transformations.
Collaboration & Learning Connect with industry peers to learn together how to bring together software developers and security professionals to remediate open source risk, without slowing down innovation.
Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102
Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia
London Office -168 Shoreditch High Street, E1 6HU London
Subscribe for all the latest software security news and events
Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.
Terms of Service Privacy Policy Modern Slavery Statement Event Terms and Conditions Do Not Sell My Personal Information