I was lucky enough to be selected to present on bundled third-party software security at OSCON 2012 in Portland. This was a great opportunity for me to speak more openly about a topic that I quite enjoy and that consumes a large portion of my day job.
In that session I cover some of the most common challenges in managing the impact that bundled third-party software (TPS) security has on a product, application or service. I see those challenges as:
- Knowing Where TPS is Used
- Understanding Dependencies
- Inconsistent Package Naming
- Unmanageable Selection Processes
- Learning of Vulnerabilities
- Inconsistent Fixes
- External Development Partners
I also speak to potential remedies such as standardization and bug database instrumentation. We’ve posted the slides from this session online on slideshare.net.
Many thanks to my friends on the Cisco Security Marketing team for posting them.
Check it out and let me know what you think!