Navigating the Shifting Sands of Third-Party Software
Date & Time
Thursday, December 16, 2021, 11:35 AM - 12:05 PM
Chris Eng

Open source code has become ubiquitous in modern software, but recent research highlights some troubling security risks. Veracode’s State of Software Security: Open Source Edition v11 found that 79 percent of third-party libraries are never updated after initial inclusion in a codebase. The research also found it takes more than a year for developers to fix 50 percent of vulnerable libraries. These findings further illustrate the security risk posed by third-party code and a “set it and forget it” mindset. In this session, Chris Eng, Chief Research Officer at Veracode, will present these and other research findings, including a deep dive into the most vulnerable libraries and languages, and developer insights into vulnerability remediation habits and techniques. Attendees will gain an understanding of the security implications of third-party libraries and how to manage the ever-changing open source landscape.