Friday, October 24 • 3:00pm - 3:45pm
PANEL: 11,000 Voices: Experts Shed Light on 4-Year Open Source & AppSec Survey


This session will be educational, interactive, and controversial. And, oh yes, fun. 

We all know that OWASP recently updated its top 10 list to include “(A9) Avoiding the use of open source components with known vulnerabilities.” The guideline was added as OWASP leaders came to understand that 90% of a typical application is composed of open source components. In this session, our panel of senior application security experts will share and discuss the results of a four-year, industry-wide study on application security practices, policies, and trends within the open source development community. To date, over 11,000 professionals have participated in the study. 

Among the surprising survey responses, panelists will kick around: 

 1-in-3 organizations had or suspected an open source breach in the past 12 months 
 Only 16% of participants must prove they are not using components with known vulnerabilities 
 64% don't track changes in open source vulnerability data 

This annual study in 2014 was run during the month of April, right in the wake of the notorious open source Heartbleed bug announcement. Over 3,300 participated in the 2014 study, with results directly reflecting the state of organizations' preparedness to react to Heartbleed and any future vulnerabilities. 

Objectives and Outcomes: 

 The moderator will engage the audience by polling them on a survey question prior to its discussion. 
 Panelists will share their perspectives on application security from the 2014 survey results, helping to increase awareness of open source component use, vulnerabilities, and best practices. 
 Panelists will also reveal trends recognized across the four-year study to show where application security practices are getting better and where they are getting worse. 
 Attendees will learn from the study results and be encouraged to share them within their own organizations. While the stats may surprise attendees, the most value they will get from the session is from provoking discussions with the data in their own organizations. 

All participants will receive a copy of the survey results to take notes on and then share within their own organizations. 

Our expert panel for this discussion includes: 

 Oleg Gryb, Application Security Architect, Intuit 
 James Wickett, Sr. DevOps Engineer, Mentor Graphics 
 Matt Tesauro, Sr. Product Security Engineer, Rackspace + OWASP Foundation 
 Ryan Berg, Chief Security Officer, Sonatype

Moderators

Derek Weeks

VP, Sonatype
Derek E. Weeks, Vice President, Sonatype. Derek is a huge advocate of applying proven supply chain management principles to DevOps practices to improve efficiencies and sustain long-lasting competitive advantages. He currently serves as vice president and DevOps advocate at So...

Speakers

Oleg Gryb

Chief Security Architect, Visa Inc
Oleg Gryb is Chief Security Architect at Visa Inc. working in security architecture and security engineering domains. He was previously Sr. Manager and de-facto CISO of Samsung's IoT platform called Artik Cloud. Before that he worked as Security Architect at Intuit, where he was...

Matt Tesauro

Senior AppSec Engineer, Duo Security
Matt Tesauro is currently a Senior AppSec Engineer building an AppSec Pipeline and continuous security program for Duo Security. Prior, he worked full-time for the OWASP Foundation, adding automation and awesome to OWASP projects as the Operations Director. Previously, he was...

James Wickett

Sr. Security Engineer, Verica
James is an innovative thought leader in the DevOps and InfoSec communities and has a passion for helping big companies work like startups to deliver products in the cloud. He got his start in technology when he ran a Web startup company as a student at University of Oklahoma and...


Friday October 24, 2014 3:00pm - 3:45pm
Red Oak Ballroom Norris Conference Center, http://lascon.org/venue/