11,000 Voices: Experts Shed Light on 4-Year Open Source & AppSec Survey

Presented at AppSec USA 2014, Sept. 18, 2014, 1 p.m. (45 minutes).

In 2013, OWASP updated its top 10 list to include "(A9) Avoiding the use of open source components with known vulnerabilities." The guideline was added as OWASP leaders came to understand that 90% of a typical application is composed of open source components.

In this session, a senior panel of application security experts will share and discuss the results of a four-year, industry-wide study on application security practices, drivers, and trends within the open source development community. To date, over 11,000 professionals have participated in the study. Panelists will share their perspectives on some of the surprising survey responses, including:

- 75% of organizations are not enforcing their open source policies
- Only 16% of participants must prove they are not using components with known vulnerabilities
- 64% don't track changes in open source vulnerability data

The 2014 edition of this annual study was run during the month of April, right in the wake of the announcement of the notorious open source Heartbleed bug. Over 3,000 people participated in the 2014 study, with results directly reflecting the state of organizations' preparedness to react to Heartbleed and any future vulnerabilities.
