If you care about security, you should never trust software. Taking that a step further, open source software, components, and libraries are pervasive in software deployed across all types of programs. Though you can identify the latest versions and make sure you are up to date at a point in time, there are myriad vulnerabilities that don’t have fixes, and when patches are available they often can’t be applied in a timely fashion. What are the state-of-the-art ways to identify and mitigate vulnerabilities in open source code, and what can we do if scanning and patching still leave holes that put our systems at risk?
Moderator: Joe Saunders
Participants: Dr. Laurie Williams (NC State); Trey Herr, Director (The Atlantic Council “Cyber Statecraft Initiative”); Aaron Bray (Phylum)