Biblio

2017-05-17
Mahmud, Gazi.  2016.  Making Invisible Things Visible: Tracking Down Known Vulnerabilities at 3000 Companies (Showcase). Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering. :25–25.

This year, software development teams around the world are consuming BILLIONS of open source and third-party components. The good news: they are accelerating time to market. The bad news: 1 in 17 components they are using include known security vulnerabilities. In this talk, I will describe what Sonatype, the company behind The Central Repository that supports Apache Maven, has learned from analyzing how thousands of applications use open source components. I will also discuss how organizations like Mayo Clinic, Exxon, Capital One, the U.S. FDA and Intuit are utilizing the principles of software supply chain automation to improve application security and how organizations can balance the need for speed with quality and security early in the development cycle.