Secure360

Managing Risk in an Open World

Nearly every organization in the world uses open source, in some form or another, as part of its software environment. Today, the state of the art in mitigating open source risk is tracking and patching publicly reported vulnerabilities in high-profile open source projects, but that tells only part of the story. Increasingly, organizations are also analyzing source code for unreported and undisclosed vulnerabilities. The final piece that businesses must identify is who is developing the software and how they will respond to future security issues when they occur.

The speaker will describe her experience aggregating known security vulnerabilities in open source and identifying new vulnerabilities using automated static analysis, and will discuss important attributes of an open source security strategy. She will propose metrics to gauge the consolidated technical risk introduced by open source software, and conclude by showing how these metrics can enable organizations to include open source in their governance efforts.

Key learning points:
  • How insecure development practices create risks for open source users
  • How failure to prioritize security issues creates open source risk
  • How to identify unreported and undisclosed risks

About Joy Marie Forsythe

Joy Forsythe co-manages HP’s Software Security Research team. She has spent the past five years helping customers identify and understand issues in their code. She has also focused on issues related to voting, healthcare governance and communicating security information to developers.

Prior to joining Fortify, Ms. Forsythe worked for Oracle, where she designed and implemented the encryption and storage optimization features for SecureFiles. She holds a Masters of Engineering degree and a Bachelor of Science degree from MIT in Computer Science, where she completed her thesis on voting and cryptography.


Details

Wednesday May 14, 2014
9:45 AM - 10:45 AM
Room 12
Level: Intermediate
Focus:


Contact

For more information about UMSA events, contact: Marie Strawser
