Open Source Supply Chains and Consumption Risk, presented at DevSecCon Boston 2018

by Tim Mackey

Summary: Open source development is the new normal for software development, but legacy paradigms and point-in-time decisions create security risks. In this talk, I’ll cover some of the lessons observed from Black Duck’s 2018 Open Source Security and Risk Analysis report. Topics covered will include: how the publicity of disclosures impacts patch success; development velocity and the use of vulnerable components; and an industry view on software risks.