Wednesday, January 22, 2014

FS-ISAC Webinar: New Policy Enforcement Approach for 3rd Party Software

View on Mobile or as Web Page
FS-ISAC Webcast: Best Practices for Managing Risk from Open Source Libraries and Components
 

In December, the FS-ISAC Third Party Software Security Working Group released new controls to manage risk associated with open source libraries and components. These controls recommend financial institutions apply policy management and enforcement as well as inventory management for open source libraries and components used in their application portfolio.

Why should open source component management be a top priority?

  • 90% of the typical enterprise application is comprised of open source components
  • 71% of applications were found to contain components with known security flaws classified as severe or critical
  • 76% of organizations have no component management policies in place
  • OWASP now recognizes 'using components with known vulnerabilities' as a top 10 open source security risk

The recent attacks based on the critical vulnerabilities announced in the popular Struts web framework are a perfect example of the severity of the problem. So much so that the FBI issued this alert.

February 5th
1:00pm EST (GMT-0500)

Register Now
Register Now

 
Jim Routh
Jim Routh, CISM, CSSLP
Information Security Leader
 
Joshua Corman
Joshua Corman
CTO, Sonatype

Join this webinar to hear best practices for how to establish effective governance and monitoring across the software supply chain. Register now.

Register Now

Manage Email Preferences

Sonatype Inc.   |   8161 Maple Lawn Blvd, Suite 250   |   Fulton, MD 20759   |   1.877.866.2836   |   Privacy Policy

No comments:

Post a Comment