It Was Broken When It Got Here - Security in Your Software Procurement Process

Explore the critical issue of security in third-party software procurement in this 39-minute LASCON conference talk. Delve into the complexities of ensuring security for Commercial Off-The-Shelf (COTS) and Free and Open Source Software (FOSS) in enterprise environments. Examine case studies of vulnerabilities discovered during penetration tests that led to company compromises. Learn how long-standing flaws in products can create potential back-doors into internal networks and data. Gain valuable advice and guidance on integrating security considerations into the enterprise product purchasing process. Cover topics including the current software security landscape, the challenges of diverse vendor security approaches, and the importance of threat modeling in procurement decisions.

Introduction
About NCC Group
What is software
Your software is not your software
Big software
Software from everywhere
Free Bugs
Working with Vendors
Threat Model