Front Range OWASP Conference 2013/Sessions/Sess5 Tech2

Data Mining a Mountain of Zero Day Vulnerabilities

Every day, software developers around the world, from Bangalore to Silicon Valley, churn out millions of lines of insecure code. This presentation evaluates an anonymized vulnerability data set derived from static binary analysis on thousands of applications belonging to large enterprises, commercial software vendors, open source projects, and software outsourcers.

By mining this data we can answer some interesting questions. What types of mistakes do developers make most often? Are we making any progress at eradicating XSS and SQL injection? How long does it really take to remediate software vulnerabilities? How secure are third party software components?

The discussion will answer these questions and many others, giving you a deep dive into metrics not found anywhere else.

Slides Video

Joe Brady

Joe Brady is a Senior Solutions Architect at Veracode with over 25 years of experience in software application development, IT risk management, and security. He works consultatively with customers and prospects to help them evaluate a Veracode solution for managing their application security risk. His professional experience includes advising customers on end point data encryption solutions at Credant Technology (now Dell); IT risk and portfolio management at Prosight (now Oracle); and, UNIX symmetric multiprocessor computing for high performance databases and parallel programming research at Sequent Computers (now IBM). In addition, he has experience architecting and developing software applications, as a developer and manager. Joe began programming as a physics undergrad and developed early microprocessor based instrumentation at Cornell, where he received a M.S. degree in Applied and Engineering Physics.