AppSec Europe 2016 has ended
Friday, July 1 • 10:20 - 11:05
A chain of trust: How to implement a supply chain approach to build and launch that rocket

A new entrant to the OWASP Top 10 2013 ranking was A9 - Using Components with Known Vulnerabilities. Increasingly, the compromise point of an application has not been code that originated in house; the 2015 Data Breach Investigations Report states that 97% of attack mediums can be traced to 10 CVEs. Standards like PCI-DSS call for auditing and constant monitoring of the status of these components, but this often leads to controls that are not scalable. Luckily, security can be, and is, a developer choice as much as a process. In this session we talk through what can be done to implement a process that helps lower compound risk from third-party suppliers as early in the software lifecycle as possible, and how to help facilitate security as part of the DevOps culture.

Speakers
Ilkka Turunen

SE, Sonatype
Ilkka Turunen is a Solutions Architect working at Sonatype in Europe and Asia. His background is in software and systems engineering, acting as an architect for several commercial projects. He's helped define everything from the software design to web-scale infrastructure architectures...


Friday July 1, 2016 10:20 - 11:05 CEST
Room A (Michelangelo Ballroom Sect. 3)