24th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2016), November 13–18, 2016, Seattle, WA, USA

Emerald Ballroom, Chairs: Jo Atlee, Gail Murphy
Making Invisible Things Visible: Tracking Down Known Vulnerabilities at 3000 Companies (Showcase)
Gazi Mahmud
(Sonatype, USA)
Abstract: This year, software development teams around the world are consuming BILLIONS of open source and third-party components. The good news: they are accelerating time to market. The bad news: 1 in 17 components they are using includes known security vulnerabilities. In this talk, I will describe what Sonatype, the company behind The Central Repository that supports Apache Maven, has learned from analyzing how thousands of applications use open source components. I will also discuss how organizations like Mayo Clinic, Exxon, Capital One, the U.S. FDA and Intuit are utilizing the principles of software supply chain automation to improve application security, and how organizations can balance the need for speed with quality and security early in the development cycle.
