Interop ITX 2017 Schedule Builder

View, browse and sort the Interop agenda by track, pass type, format, session day/time, and conference journey. With the Interop ITX Schedule Builder, you can build your schedule in advance and access it during the show via export or in your Interop ITX Mobile App.

In order to best utilize Schedule Builder, please use the login credentials you've set up on this page as your login credentials on the Interop ITX App. You can download the app on iTunes or Google Play.

  • Security in the Age of Open Source - Myths and Misperceptions

    Speaker:
    • Tim Mackey  |  Senior Technical Evangelist, Black Duck Software
    Location:  Room 111
    Format: Conference Session
    Conference Journeys: IT Operations, IT Architect
    Track: Security
    Pass Type: All Access, Conference, Thursday Conference
    Vault Recording: TBD
    Audience Level: IT Operations

    Open source software is being embraced by individual developers, enterprises, and the federal government. Everyone knows that open source is "free" to acquire, but beyond that there are strong opinions and few facts. How much open source is really being used in the applications you buy? Does the "many eyes theory" make open source more secure? Does my security testing address vulnerabilities in open source? Can static and dynamic analysis help secure the open source used by organizations?

    This session will provide insight from real-world data abstracted from 2 independent research projects, The Future of Open Source and Open Source Security in Commercial Applications, to compare what organizations believe they should do against empirical data from hundreds of code audits performed by Black Duck on Demand. The data will show:

    • The composition of open source v. proprietary code in the average code base, and how that has changed over the past 5 years
    • The gap between the number of open source components used vs. what was known by the organization
    • The number, severity, and age of security vulnerabilities in the open source components
    • An understanding of which components have underactive support communities
    • The value of traditional testing tools like static and dynamic analysis, and where they best fit in the Secure Development Lifecycle
    • Controls development and security professionals can deploy to select, detect, manage and monitor open source for existing and newly disclosed vulnerabilities