Thursday, September 18 • 1:00pm - 1:45pm
11,000 Voices: Experts Shed Light on 4-Year Open Source & AppSec Survey

In 2013, OWASP updated its top 10 list to include “(A9) Avoiding the use of open source components with known vulnerabilities.” The guideline was added as OWASP leaders came to understand that 90% of a typical application is composed of open source components.

In this session, a senior panel of application security experts will share and discuss the results of a four-year, industry-wide study on application security practices, drivers, and trends within the open source development community. To date, over 11,000 professionals have participated in the study.

Among the surprising survey responses, panelists will share their perspectives on:

 75% of organizations are not enforcing their open source policies
 Only 16% of participants must prove they are not using components with known vulnerabilities
 64% don't track changes in open source vulnerability data

The 2014 edition of this annual study was run during the month of April, right in the wake of the announcement of the notorious open source Heartbleed bug. Over 3,000 participated in the 2014 study, with results directly reflecting the state of organizations' preparedness to react to Heartbleed and any future vulnerabilities.

Derek Weeks

VP, Sonatype
Derek E. Weeks, Vice President, Sonatype. Derek is a huge advocate of applying proven supply chain management principles into DevOps practices to improve efficiencies and sustain long-lasting competitive advantages. He currently serves as vice president and DevOps advocate at So...

Thursday September 18, 2014 1:00pm - 1:45pm
Colorado Ballroom A-D [Mgmt/DevOps] Denver Marriott City Center