The Heartbleed bug took the world by storm in April of 2014. It’s been called the most catastrophic bug in recent years. It’s also become the yardstick against which the vulnerabilities that followed (ShellShock, POODLE, etc.) are measured. But what does this mean to you? It’s fixed, so we can stop worrying, right?
The answer is that vulnerability management involving libraries is different. It is more complex than basic patching and involves analysis, discussion and long-term planning. What does that mean to you?
This talk uses Heartbleed and similar vulnerabilities to start a discussion around development risks. Libraries make things easier, so they reduce time-to-market risk, but might increase ownership risk. However, there are also risks to custom development. There is likely no one true answer.
Once the talk itself is done, the remainder of the session will be a free-form strategic discussion around legacy applications and systems and what we can do about them.
- How development risks extend far beyond traditional areas of focus
- Discuss common libraries in use and how to assess them
- Free-form brainstorming on problems and solutions outside of traditional infrastructure
About Josh More

Josh More started Eyra Security after spending more than 15 years in a leadership position on several security-focused groups. When taking a break from reducing IT and security risks for his company’s customers, More enjoys reading, cooking and photography.