
CISO Discussion: Secure Code

Most organizations use open-source components to develop applications, but how do you use them safely without bringing additional risk into your organization?

The last thing you need to be doing is introducing well-known open source vulnerabilities. For the 78% of companies worldwide that use open source software in their application development, many tools are ineffective in identifying and mitigating open source security risks across their application portfolios.

In this session we'll look at the problem and various techniques for mitigating the risk and explore:

  • The value of static and dynamic tools and where they best fit in the Secure Development Lifecycle
  • Why these tools are not useful in identifying known vulnerabilities in open source components
  • How vulnerable open source components enter code
  • How companies have successfully deployed open source safely
  • Controls development and security professionals can deploy to select, detect, manage and monitor open source for existing and newly disclosed vulnerabilities
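The detection control in the last bullet, matching the components an application declares against a list of known-vulnerable version ranges, is the piece that static and dynamic analysis do not perform, since neither looks at the dependency manifest. The script below is an added example written for this page, not code from the session or from any vendor tool. The requirements file, the advisory identifiers (ADV-xxxx placeholders, not real CVE numbers) and the affected ranges are all constructed for illustration; in practice the advisory list would come from a maintained vulnerability feed and the scan would run against a lock file so that unpinned ranges resolve to concrete versions.

```python
"""Minimal software-composition check: match declared dependencies against
known-vulnerable version ranges.

Added example, not from the session page or any product. All inputs below
are constructed; advisory identifiers are placeholders, not real CVE ids.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# --- Constructed inputs -----------------------------------------------------

# A pip-style requirements file as it might sit in a repository (constructed).
REQUIREMENTS_TXT = """\
# web stack
flask==1.0.2
requests>=2.19.0
# transitive pin left over from an old build
urllib3==1.24.1
pyyaml==5.1
"""


@dataclass(frozen=True)
class Advisory:
    ident: str                  # placeholder id (constructed)
    package: str
    introduced: Version         # first affected version, inclusive
    fixed: Optional[Version]    # first fixed version, exclusive; None = no fix yet
    summary: str


# Constructed advisory list standing in for a real vulnerability feed.
ADVISORIES: List[Advisory] = [
    Advisory("ADV-0001", "urllib3", (1, 0, 0), (1, 24, 2), "constructed: issue in older urllib3"),
    Advisory("ADV-0002", "pyyaml", (0, 0, 0), (5, 2, 0), "constructed: issue in older pyyaml"),
    Advisory("ADV-0003", "flask", (1, 1, 0), (1, 1, 3), "constructed: affects a later range only"),
    Advisory("ADV-0004", "requests", (2, 0, 0), (2, 20, 0), "constructed: issue in older requests"),
]

# --- Parsing ----------------------------------------------------------------

REQ_LINE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|>|<)?\s*([0-9][0-9A-Za-z.]*)?")


def parse_version(text: str) -> Version:
    """Turn '1.24.1' or '5.1' into a comparable 3-tuple; non-numeric suffixes are dropped."""
    parts: List[int] = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def parse_requirements(text: str) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """Return (name, operator, version) per dependency line, skipping comments and blanks."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_LINE.match(line)
        if m:
            deps.append((m.group(1).lower(), m.group(2), m.group(3)))
    return deps

# --- Matching ---------------------------------------------------------------


def affected(adv: Advisory, version: Version) -> bool:
    """True if version lies in [introduced, fixed); an unfixed advisory has no upper bound."""
    return adv.introduced <= version and (adv.fixed is None or version < adv.fixed)


def scan(requirements: str, advisories: List[Advisory] = ADVISORIES) -> List[dict]:
    """Report each dependency that matches an advisory.

    Exact pins are checked against the range. A range or unpinned specifier
    cannot be resolved from the manifest alone, so it is reported as
    'unresolved' to be re-checked against the lock file or installed set.
    """
    findings = []
    for name, op, ver in parse_requirements(requirements):
        for adv in advisories:
            if adv.package != name:
                continue
            if op == "==" and ver is not None:
                if affected(adv, parse_version(ver)):
                    findings.append({"package": name, "version": ver,
                                     "advisory": adv.ident, "status": "affected"})
            else:
                findings.append({"package": name, "version": f"{op or ''}{ver or ''}",
                                 "advisory": adv.ident, "status": "unresolved"})
    return findings


if __name__ == "__main__":
    for f in scan(REQUIREMENTS_TXT):
        print(f"{f['status']:<10} {f['package']}=={f['version']}  {f['advisory']}")
```

Run as-is, the scan flags the pinned urllib3 and pyyaml versions as affected, leaves flask alone because its pin falls below the advisory's introduced version, and marks requests as unresolved because a `>=` specifier says nothing about which version is actually installed. That last case is the one teams most often miss: a manifest review that treats a range as safe is exactly how a vulnerable component enters the build, which is why the monitoring control has to run against resolved versions rather than declared ones.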

Background

In today's connected world, all types of software are exposed to security threats. Vulnerabilities arise from coding errors, architectural missteps, and misconfigurations, offering the "bad guys" ample opportunities for exploitation via the Internet, in the cloud and intelligent devices, or when cybercriminals gain access to assumed-secure systems through other means.

Companies use an array of security weapons to fight back. Many rely on increasingly effective static analysis tools and dynamic analysis tools. However, for the nearly 80% of companies worldwide that use open source software in their application development, these tools are ineffective in identifying and mitigating open source security risks across their application portfolios.

While open source software is no less secure than other software, its use presents unique management and supply chain challenges, not least because 67% of open source users admit they don't monitor open source code for security vulnerabilities.

CISOs and other interested security professionals are invited to join our discussion on getting the most protection from your risk management investment.
