OWASP AppSec DC 2012/The Unfortunate Reality of Insecure Libraries

Revision as of 19:53, 11 March 2012 by Mark.bristow (talk | contribs)


The Presentation

Many organizations have started application security programs to focus on finding and subsequently preventing vulnerabilities in their custom code. However, the widespread use of common libraries introduces risks that are widely ignored and unappreciated. In this study, we analyze over 113 million downloads of the 31 most popular Java frameworks and security libraries from the Maven Central repository, made by over 500,000 companies. The data show that a surprising number of libraries with known vulnerabilities are in common use. We also conclude that most organizations do not appear to have a strong process in place for ensuring that the libraries they rely on are up to date and free from known vulnerabilities.

The Speakers

Arshan Dabirsiaghi


Jeff Williams

