Third Party Code: FIX ALL THE THINGS

DerbyCon 4.0 - Family Rootz

Presented by: Jake Kouns, Kymberlee Price
Date: Saturday September 27, 2014
Time: 13:00 - 13:50
Location: Track 4

Digging deeper into a topic that we first presented at Black Hat USA 2014- this presentation will expand on the challenges we face in securing third party libraries in the products and enterprise networks we are responsible for. More Libraries! More Vulnerabilities! More Things! Many developers today are turning to well established third-party libraries to speed the development process and realize quality improvements over creating an in-house proprietary font parsing or image rendering library from the ground up. Efficiency comes at a cost though: a single application may have as many as 100 different third party libraries implemented. The result is that third-party and open source libraries have the ability to spread a single vulnerability across multiple products- exposing enterprises and requiring software vendors and IT organizations to patch the same vulnerability repeatedly. How big of a problem is this? What libraries are the biggest offenders for spreading pestilence? And what can be done to minimize this problem? This presentation will dive deep into vulnerability data and explore the source and spread of these vulnerabilities through products- as well as actions the security research community and enterprise customers can take to address this problem.

Kymberlee Price

Jake Kouns


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats