Secure360

Managing Risk in an Open World

Nearly every organization in the world uses open source, in some form or another, as part of its software environment. Today, the state of the art in mitigating open source risk is tracking and patching publicly reported vulnerabilities in high-profile open source projects, but that tells only part of the story. Increasingly, organizations are also analyzing source code for unreported and undisclosed vulnerabilities. The final piece that businesses must identify is who is developing the software and how they will respond to future security issues when they occur.

The speaker will describe her experience aggregating known security vulnerabilities in open source and identifying new vulnerabilities using automated static analysis, and will discuss important attributes of an open source security strategy. She will propose metrics to gauge the consolidated technical risk introduced by open source software, and conclude by showing how these metrics can enable organizations to include open source in their governance efforts.

Key learning points:
  • How insecure development practices create risks for open source users
  • How failure to prioritize security issues creates open source risk
  • How to identify unreported and undisclosed risks

About Joy Marie Forsythe

Joy Forsythe co-manages HP’s Software Security Research team. She has spent the past five years helping customers identify and understand issues in their code. She has also focused on issues related to voting, healthcare governance and communicating security information to developers.

Prior to joining Fortify, Ms. Forsythe worked for Oracle, where she designed and implemented the encryption and storage optimization features for SecureFiles. She holds a Master of Engineering degree and a Bachelor of Science degree in Computer Science from MIT, where she completed her thesis on voting and cryptography.

Details

Wednesday May 14, 2014
9:45 AM - 10:45 AM
Room 12
Level: Intermediate
Focus:

© 2021 Secure360. All rights reserved.