Thursday, September 18 • 1:00pm - 1:45pm
11,000 Voices: Experts Shed Light on 4-Year Open Source & AppSec Survey

In 2013, OWASP updated its top 10 list to include “(A9) Avoiding the use of open source components with known vulnerabilities.” The guideline was added as OWASP leaders came to understand that 90% of a typical application is composed of open source components.

In this session, a senior panel of application security experts will share and discuss the results of a four-year, industry-wide study on application security practices, drivers, and trends within the open source development community. To date, over 11,000 professionals have participated in the study.

Among the surprising survey responses, panelists will share their perspectives on:

 75% of organizations are not enforcing their open source policies
 Only 16% of participants must prove they are not using components with known vulnerabilities
 64% don't track changes in open source vulnerability data

In 2014, this annual study was run during the month of April, right in the wake of the announcement of the notorious open source Heartbleed bug. Over 3,000 people participated in the 2014 study, with results directly reflecting the state of organizations' preparedness to react to Heartbleed and any future vulnerabilities.

Derek Weeks

Vice President, Sonatype
Derek E. Weeks is the world's foremost researcher on the topic of DevSecOps and securing software supply chains. For the past five years, he has championed the research of the annual State of the Software Supply Chain Report and the DevSecOps Community Survey. Derek is a huge advocate...

Thursday September 18, 2014 1:00pm - 1:45pm MDT
Colorado Ballroom A-D [Mgmt/DevOps] Denver Marriott City Center