In today’s software development landscape, products are often an intricate blend of in-house code and open-source third-party dependencies. While many organizations have robust procedures to secure their own codebase, the strategies to safeguard against vulnerabilities in open-source components are not as well-developed.

In this session, we will navigate the complexities of implementing an effective process to manage vulnerabilities within open-source dependencies. Our discussion will cover key considerations for evaluating software composition analysis tools and detail the steps necessary for a successful tool rollout. We will delve into effective strategies for triaging findings and shifting from a reactive to a proactive security posture.

You will leave the session equipped with a foundational but adaptable process, ready to enhance the security of your products that depend on open-source dependencies.