AppSecUSA 2015

Organizations are increasingly incorporating open source software into their applications. Leveraging existing software to provide generic functionality results in reduced development costs as well as faster time to market.

However, along with these benefits, this freely available software also comes with an inherent problem – security vulnerabilities. While the advantages of using open source software are obvious, the negative impact on security brought on by their use is insidious.

While organizations spend enormous effort in securing their applications, most of this effort goes toward securing the part of the application that was developed in-house. A relatively small percentage of effort goes toward evaluating vulnerabilities in open source software, if they are considered at all. This makes open source libraries the weakest link in the security chain of an application.

We will present the current status of vulnerabilities in commonly used third party libraries and their impact on your application. We will then discuss an approach to holistically secure your application: a combination of securing in-house code and managing the security risk of third party libraries that are used.