Back To Schedule
Thursday, April 26 • 14:00 - 14:45
Let’s build an OSS vulnerability management program!

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Does your company use Open Source Software (OSS) libraries in the products that it builds? Do you worry that your customers and company will be exploited by these vulnerabilities because no one in your product development team is maintaining those libraries with vulnerability fixes? Well let’s do something about that.  During this presentation, we will start from nothing and take steps to identify the OSS libraries that your company uses in order to build a bill of materials (BOM), we will then give examples of how to source threat intel on those libraries, and finally we will discuss strategies to remediate the vulnerabilities in our code repository so that we can keep our customers and company safe from malice.  This presentation will be delivered from the perspective of a Product Security Response team protecting customers who deploy their company’s products. However, this presentation is also useful to those building and defending internally deployed applications.

avatar for Tyler Townes

Tyler Townes

Security Program Manager, BlackBerry
Tyler works at BlackBerry Product Security as a Security Program Manager and is the lead incident manager during emergency response events. His focus areas include SDLC, sustained engineering, vulnerability management, and risk management across multiple operating systems. He is currently... Read More →

Thursday April 26, 2018 14:00 - 14:45 ADT
Track 4 - Room A3