Security Vulnerabilities in Third Party Code: FIX ALL THE THINGS!

Kymberlee Price

Senior Director of Researcher Operations, Bugcrowd

Many developers today are turning to well established third-party libraries to speed the development process and realize quality improvements over creating an in-house proprietary font parsing or image rendering library from the ground up. Efficiency comes at a cost though: a single application may have as many as 100 different third party libraries implemented. The result is that third-party and open source libraries have the ability to spread a single vulnerability across multiple products- exposing enterprises and requiring software vendors and IT organizations to patch the same vulnerability repeatedly.

How big of a problem is this? What libraries are the biggest offenders for spreading pestilence? And what can be done to minimize this problem? This presentation will dive deep into vulnerability data and explore the source and spread of these vulnerabilities through products – as well as actions developers, the security research community, and enterprise customers can take to address this problem.

Tags: ,

Location: Salon D
April 12th, 2016
2:45 PM - 3:45 PM