Wednesday, April 30, 2014

Wendy Nather & Josh Corman on Implications of Using Vulnerable Components

Hi,

Have you had a chance to look at the 2014 Verizon Data Breach Investigations Report yet? To me, this quote really says it all: "We need more secure software, not more security software." With all the application security tools and testing in place, the attackers are still getting in.

How can we build more secure software from the start? And how can we monitor across the software lifecycle in a way that makes it easy for developers to support risk management practices? As Gartner analyst Sean Kenefick put it in a recent report: "Unhappy developers work around governance."

Our CTO, Josh Corman, has partnered with Wendy Nather, Security Research Director at 451 Research, to share recent lessons learned in the wake of Heartbleed, Struts and other critical open source vulnerabilities. Now more than ever, it's time to discuss the real implications of these security risks and how we can start to 'build in' security, not 'bolt on' security.

If you're free on May 1st at 12pm ET, this is a session you won't want to miss. You can register here.

Hope to see you there!

Jessica Dodson
 

 
FS-ISAC Webcast: Best Practices for Managing Risk from Open Source Libraries and Components
 

The pressures of modern application development require us to build high-quality software in short order. Because of this, we've seen a dramatic shift from source code to component-based development, where 90% of the typical application is now assembled using open source and third-party components. Unfortunately, our dependence on components is growing faster than our ability to secure them.

Join Wendy Nather, Security Research Director at 451 Research, and Josh Corman, CTO at Sonatype, as they are reunited for a collaborative and interactive discussion to share their perspective on the importance of securing components, now the preferred attack surface in today's applications. From this online discussion, you'll learn how you can:

  • Balance spend and risk in application security, by focusing on the neglected 90%
  • Avoid future 'Heartbleed' vulnerabilities with better component visibility
  • Make a big impact with little effort by not using components with known vulnerabilities
  • Avoid elective risk and rework by automating policies earlier in the software development lifecycle

May 1st, 2014
12:00pm EDT (GMT-0400)

Register Now

 
Wendy Nather
Security Research Director
451 Research
 
Joshua Corman
CTO, Sonatype

New vulnerabilities are being identified every day, giving hackers new entry points and multiplying our risk. The good news is that addressing component security is the easiest and least expensive of all application security methods. Join us to learn how you can start to avoid this unnecessary risk by expanding to a more holistic and effective application security approach. Register now!
