August 20, 2013 at 6:30 PM

ISSA National Capital Chapter August meeting topic:

What's Hiding in Your Software Components?  Hidden Risks of Component-Based Software
by Bruce Mayhew

What's Hiding in Your Software Components?  Hidden Risks of Component-Based Software

Software is no longer written, it's assembled. With 80% of a typical application now being assembled from components, it's time to take a hard look at the new risks posed by this type of development -- and the  processes and tools that we'll need in order to keep them in check.

On the just released OWASP Top 10 for 2013, entry A9 highlights the potential problems associated with the widespread use of open-source components with known security vulnerabilities in modern-day application development.

Join Bruce Mayhew,  as he shares real world data on component risks, outlines the scope of the problem, and proposes approaches for managing these risk. You'll learn how security professionals can work cooperatively with application developers to reduce risk AND boost developer efficiency.


About the Speaker
Bruce Mayhew is the Director of Security Products at Sonatype with over 20 years of software development experience, 13 years of which have been focused on application security.  He has performed code-level security assessments for hundreds of applications, created application security programs and training curriculums for large institutions, and has been a Web Application Security Course instructor for the SANS Institute.  Bruce is the primary author and project lead of OWASP WebGoat, a deliberately insecure JavaEE educational application. He is an author of the SANS GSSP Secure Programming Assessment and a frequent speaker on application
 security topics.


Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.


Tuesday, August 20, 2013 6:30 PM

Government Printing Office
Room A138
732 N. Capitol St.
Washington, DC, 20401

Click here for details