Thursday, September 18 • 1:00pm - 1:45pm
11,000 Voices: Experts Shed Light on 4-Year Open Source & AppSec Survey

In 2013, OWASP updated its top 10 list to include “(A9) Avoiding the use of open source components with known vulnerabilities.” The guideline was added as OWASP leaders came to understand that 90% of a typical application is composed of open source components.

In this session, a senior panel of application security experts will share and discuss the results of a four-year, industry-wide study on application security practices, drivers, and trends within the open source development community. To date, over 11,000 professionals have participated in the study.

Among the surprising survey responses, panelists will share their perspectives on:

 75% of organizations are not enforcing their open source policies
 Only 16% of participants must prove they are not using components with known vulnerabilities
 64% don't track changes in open source vulnerability data

The 2014 edition of this annual study was run during the month of April, right in the wake of the notorious open source Heartbleed bug announcement. Over 3,000 people participated in the 2014 study, with results directly reflecting the state of organizations' preparedness to react to Heartbleed and any future vulnerabilities.

Derek E. Weeks

VP and DevSecOps Advocate, Sonatype
After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek became a huge advocate of applying proven supply chain management principles to DevOps practices to improve efficiencies and sustain long-lasting competitive advantages. He currently serves as vice president and DevOps advocate at Sonatype, creators of the Nexus...

Thursday September 18, 2014 1:00pm - 1:45pm
Colorado Ballroom A-D [Mgmt/DevOps] Denver Marriott City Center