OWASP AppSec DC 2012/The Unfortunate Reality of Insecure Libraries
The Presentation
Many organizations have started application security programs to focus on finding and subsequently preventing vulnerabilities in their custom code. However, the widespread use of common libraries introduces risks that are widely ignored and underappreciated. In this study, we analyze over 113 million downloads, by over 60,000 companies, of the 31 most popular Java frameworks and security libraries from the Maven Central repository. The data show that a surprising number of libraries with known vulnerabilities are in common use. The data also reveal some very interesting facts about our use of libraries, and we conclude that most organizations do not appear to have a strong process in place for ensuring that the libraries they rely on are up to date and free from known vulnerabilities.
The Speakers
Arshan Dabirsiaghi (Bio TBA)
Jeff Williams (Bio TBA)