File:Software Composition Analysis OWASP Stammtisch - Stanislav Sivak.pdf

Open Source Software Flood: Learning to swim (Stanislav Sivak)

If you want to stay current nowadays, you count on open source software (OSS) to stay flexible and avoid reinventing the wheel. Many applications contain more open source code than proprietary code. Using components with known vulnerabilities is one of the most common OWASP risks. In this presentation, we will look at the security, operational and legal challenges associated with the use of third-party components, which are mostly open source. Next, we discuss how these risks can be addressed using various make-it-yourself or buy-it approaches, so that you can stay on top of the OSS flood.

Bio: Stanislav Sivak has held several positions in IT security over the last 10 years: starting as a developer, continuing as a Linux/database security administrator, but spending most of his time as a consultant, working for the Big 4 and for a small German-based company. He currently focuses on everything around the secure software development lifecycle.