LIVE webinar

Managing threats and vulnerabilities from third-party dependencies in software projects

Sebastian Olsson | Johan Lindfors

Modern software stands on the shoulders of third-party frameworks and libraries, many of which are open source. This leads to fantastic possibilities in software composition and productivity, but also means that most projects depend on massive amounts of potentially vulnerable or malicious code.

Managing the different classes of threats from dependencies is complex, and there is no single tool that solves every problem. Most organisations can nevertheless reduce the risk through awareness, sound policies and automation.

Examples of risks to consider and mitigate are:
– Dependencies with known vulnerabilities
– Depending on unmaintained projects
– Supply-chain attacks and malicious dependencies

In this tech talk we will take a look at typical threats and risks with third-party components and find pragmatic approaches to managing the risk, while staying productive.

Key learnings:

  • Classes of threats to consider when using third-party dependencies in software development
  • General policies to reduce third-party risk for most development projects
  • The benefits of visibility and risk reduction through automation

Questions?

Have a question you want to be answered during our Tech Talk? Mail it to us at t3@truesec.com

Language:

English

Target groups:

Software developers, software project managers, software product managers, information security professionals

Hosts:

Johan Lindfors

When I’m not helping a client or customer with their custom solutions, I always find myself investigating areas where I’ve not been before, maybe by publishing a “proof of concept” or sample on GitHub or participating in one of the many Meetups or conferences available in the world. I also love teaching, which is why I have for several years been a common face at several of the largest Swedish developer conferences, presenting topics that are always close to heart.

Sebastian Olsson

Focused on security, performance and architecture. I enjoy making software secure by designing it well. Ideally in a way that actually boosts productivity and developer happiness.

Sebastian tends to spend much time analyzing software architecture and development life cycles. Otherwise interested in programming, cryptography, secure communications, identities and distributed systems.