The (Application) Patching Manifesto

Presented at LocoMocoSec 2018, April 6, 2018, 11 a.m. (40 minutes)

Patching programs are a part of every organization; Patch-Tuesday rolls around and the IT staff tests and pushes out patches for Windows. Unfortunately, when it comes to application dependencies most organizations are woefully behind – yet the bad guys have been stepping up their game. This talk will cover why the problem exists and what organizations can do to improve. We will also discuss techniques to limit exposure between security patch release and deployment.

Presenters:

• Jeremy Long
  Jeremy Long is a principal engineer at a large financial institution. He specializes in securing the SDLC via secure coding training, security requirements and coding standards, tooling for early identification in build pipelines, etc. He has a deep understanding of static analysis and has created and customized automated tools to both decrease assessment time and increase quality. Jeremy is the founder and project lead for the OWASP dependency-check project.

Links:

• https://locomocosecurityconference2018.sched.com/event/BPCo/the-application-patching-manifesto
• https://infocon.org/cons/LocoMocoSec/LocoMocoSec 2018 Kona/Jeremy Long The (Application) Patching Manifesto.mp4
• https://infocon.org/cons/LocoMocoSec/LocoMocoSec 2018 Kona/Jeremy Long The (Application) Patching Manifesto.eng.srt (subtitles)

Similar Presentations:

• DerbyCon 8.0 Evolution (2018) / Patching: Show me where it hurts
• DeepSec 2015 „DeepSec No. 9“ / Yes, Now YOU Can Patch That Vulnerability Too!
• Black Hat USA 2016 / Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits