Using Third-Party Components for Building Secure Software - AppSec EU 2016

Explore a comprehensive conference talk from AppSecEU 2016 in Rome that delves into the challenges and strategies of using third-party components in software development. Learn about secure software development practices, the maintenance challenges associated with third-party software, and different types of components. Discover insights on FLOSS usage at SAP, vulnerability prediction issues, and the importance of understanding factors rather than making predictions. Examine various maintenance models, including centralized, distributed, and hybrid security maintenance approaches. Gain valuable knowledge on strategies for controlling risks and managing effort when incorporating third-party components into your projects. Conclude with key takeaways for effectively leveraging external software while maintaining security and efficiency in your development process.

Intro
Secure Software Development
The Maintenance Challenge
Types of Third-Party Software
Data Sources
FLOSS Usage At SAP
What We Want
Vulnerability Prediction?
Vulnerability Prediction: Problems
Understanding Factors Is More Critical Than Predictions
Which Factors Are Interesting?
Relationships Between Factors
Different Maintenance Models
Centralized Security Maintenance
Distributed Security Maintenance
Hybrid Security Maintenance
Strategies For Controlling Risks (1/2)
Strategies For Controlling Effort
Conclusion