The benefits of using open source software are well known, well documented and well leveraged by organisations all over the world. The risks of using open source software are not always as well understood. The risks are real, and there is always more that can be done to manage them, but at what cost?
Attend this keynote for a discussion on the results of a four-year, industry-wide study on application security practices, policies, and trends related to open source development. To date, over 11,000 professionals have participated in the study.
Among the surprising survey results that will be discussed:
• 1-in-3 organizations had or suspected an open source breach in the past 12 months
• Only 16% of participants must prove they are not using components with known vulnerabilities
• 64% don't track changes in open source vulnerability data
Reach the desired outcome in the most efficient way:
• using the least amount of effort
• with the smallest total cost
• (and maybe in the shortest possible time)
The majority of developers don't track component vulnerability over time, even when component versions are updated 4-5 times a year to fix known security, license or quality issues.
• Make any process predictable, make it repeatable, automate it.
• Make the right way the easy way.
• Get the people with the right skills involved in the right places.
• Turn data into usable information.
• Give developers the information they need to make informed decisions.