{"id":65,"date":"2012-08-01T11:50:27","date_gmt":"2012-08-01T18:50:27","guid":{"rendered":"http:\/\/blogs.gentoo.org\/underling\/?p=65"},"modified":"2017-03-07T12:29:52","modified_gmt":"2017-03-07T20:29:52","slug":"bundled-software-security-oscon-slides","status":"publish","type":"post","link":"https:\/\/blogs.gentoo.org\/underling\/2012\/08\/01\/bundled-software-security-oscon-slides\/","title":{"rendered":"Bundled Software Security: OSCON Slides"},"content":{"rendered":"<p>I was lucky enough to be selected to present on <a href=\"http:\/\/www.oscon.com\/oscon2012\/public\/schedule\/detail\/23112\">bundled third-party software security<\/a> at <a href=\"http:\/\/www.oscon.com\/oscon2012\">OSCON 2012<\/a> in Portland. This was a great opportunity for me to speak more openly about a topic that I quite enjoy and that consumes a large portion of my day job.<\/p>\n<p>In that session I speak to some of the most common challenges with managing the product, application or service impact of bundled third-party software (TPS) security. I see those challenges as:<\/p>\n<ul>\n<li>Knowing Where TPS is Used<\/li>\n<li>Understanding Dependencies<\/li>\n<li>Inconsistent Package Naming<\/li>\n<li>Unmanageable Selection Processes<\/li>\n<li>Learning of Vulnerabilities<\/li>\n<li>Inconsistent Fixes<\/li>\n<li>External Development Partners<\/li>\n<\/ul>\n<p>I also speak to potential remedies such as standardization and bug database instrumentation. We&#8217;ve posted the <a href=\"http:\/\/www.slideshare.net\/CiscoSecurity\/managing-the-security-impact-of-bundled-open-source-software-from-oscon\">slides from this session<\/a> online on slideshare.net. <\/p>\n<p><iframe loading=\"lazy\" src=\"http:\/\/www.slideshare.net\/slideshow\/embed_code\/13729767\" width=\"512\" height=\"421\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" style=\"border:1px solid #CCC;border-width:1px 1px 0;margin-bottom:5px\" allowfullscreen> <\/iframe> <\/p>\n<p>Many thanks to my friends on the <a href=\"https:\/\/twitter.com\/ciscosecurity\">Cisco Security Marketing team<\/a> for posting them.<\/p>\n<p>Check it out and let me know what you think!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was lucky enough to be selected to present on bundled third-party software security at OSCON 2012 in Portland. This was a great opportunity for me to speak more openly about a topic that I quite enjoy and that consumes a large portion of my day job. In that session I speak to some of &hellip; <a href=\"https:\/\/blogs.gentoo.org\/underling\/2012\/08\/01\/bundled-software-security-oscon-slides\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Bundled Software Security: OSCON Slides<\/span><\/a><\/p>\n","protected":false},"author":135,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[8],"tags":[9,5],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/blogs.gentoo.org\/underling\/wp-json\/wp\/v2\/posts\/65"}],"collection":[{"href":"https:\/\/blogs.gentoo.org\/underling\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.gentoo.org\/underling\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/underling\/wp-json\/wp\/v2\/users\/135"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/underling\/wp-json\/wp\/v2\/comments?post=65"}],"version-history":[{"count":20,"href":"https:\/\/blogs.gentoo.org\/underling\/wp-json\/wp\/v2\/posts\/65\/revisions"}],"predecessor-version":[{"id":85,"href":"https:\/\/blogs.gentoo.org\/underling\/wp-json\/wp\/v2\/posts\/65\/revisions\/85"}],"wp:attachment":[{"href":"https:\/\/blogs.gentoo.org\/underling\/wp-json\/wp\/v2\/media?parent=65"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/underling\/wp-json\/wp\/v2\/categories?post=65"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/underling\/wp-json\/wp\/v2\/tags?post=65"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}