Joshua Corman’s presentation at ØREDEV 2014 in Sweden brings up the idea of a software supply chain. Josh’s premise is that “Is OpenSource more secure?” is the wrong question. Listen to his full presentation and let us know what you think.
“Is OpenSource more secure?” is the wrong question. Also, who needs opinion when we have data… This session will provide new quantitative and qualitative analysis of the modern SW Supply Chain. There’s been a dramatic shift from writing code to assembling it, with open-source and third-party components providing the innovation and efficiency developers need. This dependence on components is growing faster than the ability to secure them.
As with Heartbleed, Struts, and the like, shared components are increasingly shared risk. Worse, components are increasingly the preferred attack surface in today’s applications. Growing dependence, coupled with poor security visibility, requires small but important adjustments to application development. Join us for fresh analysis and practical ways to minimize avoidable risk and rework.