Half of all exploitations take place between 10 and 100 days after a vulnerability is published in a library. Attacks come fast, exploits are automated. In this world, timely updating third-party software components is of vital importance. Incorrect implementation of these libraries makes it difficult to update and maintain them, increasing the risk of being breached via vulnerable components. This is the current state of the software where large number of software applications have vulnerable components. Starting from real-world examples, Katy Anton with explore the software design patterns to use when including third party components and will discuss how these patterns can reduce the attack surface and improve the overall security of the software. Developers and architects alike will benefit from case studies outlining how this approach improves security in the world.


Comments are closed.

Jeffrey at 14:46 on 30 Sep 2017

The presentation was on the short side (20-25 min). Tips for improvement, show some tooling and/or examples of the design principles how we (as developers) can improve our applications. After all, there was enough time. In addition, I was very curious about numbers, how often do these specific attacks occur?

Very informative and will help a lot.

Parviz Ahmadi at 16:20 on 30 Sep 2017

Very informative and surely helps our project .

Presented a useful framework, but could have used the full time to go into more detail and practical examples.

Anonymous at 16:49 on 30 Sep 2017

Great talk that started from the software design pattern and introduced the security design principles .

Matthew at 16:53 on 30 Sep 2017

Great talk highlighting three key security approaches often missed when using third party libraries and APIs. Something every developer should consider!

Well delivered and followed with inspiring answers to questions raised hopefully making all attendees think about this when they go back on Monday. I know I will be.

Looking forward to future follow up talks on the subject!

Ben Longden at 17:52 on 30 Sep 2017

Useful, agree with most comments so far. More info on tooling and examples of why make use of the patterns (Instead of that we should). Definitely worth hearing. ?

Good overview of security issues, but now I want to find some exploits...

Great content but agree with other comments that the pace could have been better.

Chris Emerson at 16:25 on 1 Oct 2017

Some great tips and techniques for managing security of 3rd party code in your projects - took away some useful tips to apply.

Mark Railton at 21:16 on 1 Oct 2017

The talk felt like something was missing, I don't feel that we were actually effectively equipped to mitigate possible security issues effectively.