Wayne Jackson's Presentation at RSA 2012
Published in: Technology, Education
  • THAT AWARENESS IS VITAL, IN PART BECAUSE THE OPEN SOURCE ECOSYSTEM HAS NO NOTIFICATION INFRASTRUCTURE. IMAGINE YOUR DESKTOP WITHOUT AUTO-UPDATE. IMAGINE DIGGING THROUGH THOUSANDS OF WEB SITES, SIFTING THROUGH RELEASE NOTES, SEARCHING FOR SECURITY BULLETINS, TRACKING DOWN CRITICAL FIXES.
  • AND THE ECOSYSTEM AFFECTED BY THIS CONDITION IS VAST - MORE THAN 80% OF MODERN SOFTWARE IS OPEN SOURCE AND THE TYPICAL ORGANIZATION USES THOUSANDS OF THESE OFTEN COMPLEX COMPONENTS.
  • THE COMPOUNDING REALITY IS THAT WHEN ISSUES DO ARISE, THE EFFECTS ARE VIRAL, WHILE THE FIXES ARE NOT. FOR EXAMPLE, PATCHING SPRING 2.5.6 DID NOTHING TO FIX THE 1,447 COMPONENTS THAT IT COMPROMISED OR THE UNTOLD NUMBERS OF DOWNSTREAM APPLICATIONS THAT USED THEM.
  • THE RESULT IS SITUATIONS LIKE THIS... 6,982 ORGANIZATIONS – INCLUDING GLOBAL FINANCIAL INSTITUTIONS AND THE DEPARTMENT OF HOMELAND SECURITY – ARE ACTIVELY USING A THREE YEAR OLD CRYPTO LIBRARY WITH A REMOTELY EXPLOITABLE, BAD AS IT GETS, SECURITY FLAW WITH PUBLISHED EXPLOIT CODE. <PAUSE TO LET THIS SINK IN>
  • SONATYPE IS FOCUSED OBSESSIVELY ON CREATING ORDER AMIDST THIS CHAOS, DEVELOPING AN EXTRAORDINARY CAPACITY FOR BRIDGING CRITICAL AWARENESS GAPS. FIRST, BUILDING SOPHISTICATED INFRASTRUCTURE FOR MINING VIRTUALLY EVERYTHING KNOWABLE ABOUT A GIVEN SOFTWARE COMPONENT. AND, SECOND…
  • A PLATFORM FOR DELIVERING KNOWLEDGE DIRECTLY INTO THE TOOLS THAT DEVELOPERS AND DEVELOPMENT MANAGERS USE EVERY DAY. THAT PLATFORM, SONATYPE INSIGHT, ENABLES ORGANIZATIONS TO GOVERN DEVELOPMENT PROCESSES, TO CONTINUOUSLY MONITOR THE HEALTH OF THEIR REPOSITORIES, AND TO RETRIEVE REAL-TIME ALERTS WHEN CRITICAL APPLICATIONS ARE AFFECTED BY NEWLY DISCOVERED THREATS.
  • SO… TODAY, WE HAVE A VITAL, FRIGHTENINGLY COMPLEX ECOSYSTEM WITH VIRAL ISSUE PROPAGATION AND NO NOTIFICATION INFRASTRUCTURE… TOMORROW WILL BE A LOT LESS FRIGHTENING. THE LAUNCH OF INSIGHT IS HAPPENING AS WE SPEAK. PRE-LAUNCH ACTIVITIES HAVE GENERATED MORE THAN 300 CUSTOMERS AND OVER THE NEXT FEW MONTHS, WE EXPECT THOUSANDS OF OTHERS TO JOIN THEM. A SIGNIFICANT ADVANCE, WE HOPE, IN THE STATE OF SOFTWARE INTEGRITY AND APPLICATION SECURITY.
  • Transcript

    • 1. From the authors of Maven, Nexus, m2eclipse and other leading technologies. The Sorry State of Application Security. Wayne Jackson, Chief Executive Officer. Used by 80,000 organizations worldwide.
    • 2. Central: Where Open Source Lives. Sonatype
    • 3. Ecosystem Lacks Change Awareness. WE DON'T KNOW ABOUT / WE CAN BELIEVE IN. 14,334 Components Were Updated in 2011. On Average, 400 Updates per Day.
    • 4. Component Dependencies are Complex. 80% of modern software is open source. The Global 2000 average more than 1,000 unique components per month.
    • 5. Issues are Viral… 1,447 projects contain the flawed component. …the Fixes are NOT.
    • 6. Houston, We Have a Problem! In the Last Year… 6,982 Organizations. Crypto Library. Level 10 Flaw. 3 Years After Fix.
    • 7. Event-Driven Knowledge Engine [diagram; labels: License Detail, Update Events, Knowledge, Project Detail, Component Detail, Consumption Events, Consumption Metadata Events, Flaw Update Correlation Detail, Reason Creation, The Central Repository, Public & Private Metadata Resources, Component Usage Events]
    • 8. Delivering Knowledge. In Context. Sonatype Insight
    • 9. Sonatype: Transforming Software Integrity. Started – Q3 2010. Insight Pre-Launch – Q4 2011. Insight Launch – RSA 2012. Already, more than 300 customers.
    • 10. From the authors of Maven, Nexus, m2eclipse and other leading technologies. Thank You! Used by 80,000 organizations worldwide.
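The "issues are viral, fixes are not" point (speaker notes and slide 5) is a statement about dependency graphs: a flaw in one component reaches every project that transitively pins it, while a fixed release reaches nobody until each intermediate consumer re-releases and each deployment is rebuilt and rolled out. The Python below is an added example for this page, not Sonatype's code or anything shown in the talk. Only `org.springframework:spring-core:2.5.6` is taken from the talk; `2.5.6.SEC01` as its fixed successor, the `com.example` coordinates, the `.patched` version scheme and the set of deployed builds are all constructed assumptions.

```python
"""Transitive impact of a flawed component in a pinned dependency graph.

Added example, not Sonatype's code. The graph below is constructed: each
Maven-style coordinate (group:artifact:version) maps to the exact versions
it pins. Only spring-core:2.5.6 comes from the talk; the fixed successor,
the com.example projects, the '.patched' version scheme and the deployed
set are assumptions made for illustration.
"""
from collections import deque

FLAWED = "org.springframework:spring-core:2.5.6"
FIXED = "org.springframework:spring-core:2.5.6.SEC01"  # assumed fixed successor

# Constructed sample graph: coordinate -> direct, exactly pinned dependencies.
GRAPH = {
    FLAWED: [],
    FIXED: [],
    "com.example:lib-a:1.0": [FLAWED],
    "com.example:lib-b:2.1": ["com.example:lib-a:1.0"],
    "com.example:lib-c:0.9": [FIXED],
    "com.example:app-1:3.0": ["com.example:lib-b:2.1"],
    "com.example:app-2:1.2": ["com.example:lib-c:0.9"],
}


def reverse_graph(graph):
    """Invert pinned edges so we can walk from a component up to its consumers."""
    rev = {node: [] for node in graph}
    for consumer, deps in graph.items():
        for dep in deps:
            rev.setdefault(dep, []).append(consumer)
    return rev


def affected_by(graph, component):
    """Every project that transitively contains `component` (the viral part)."""
    rev = reverse_graph(graph)
    seen, queue = set(), deque([component])
    while queue:
        for consumer in rev.get(queue.popleft(), []):
            if consumer not in seen:
                seen.add(consumer)
                queue.append(consumer)
    return seen


def closure(graph, root):
    """Transitive dependency set of `root`, following only the pinned edges."""
    seen, stack = set(), [root]
    while stack:
        for dep in graph.get(stack.pop(), []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def affected_roots(graph, deployed, component):
    """Which deployed builds still carry `component` somewhere in their closure."""
    return {root for root in deployed if component in closure(graph, root)}


def release_fix(graph, consumer, old_dep, new_dep):
    """Model `consumer` shipping a new version that swaps old_dep for new_dep.

    The old release stays in the graph, as it does in a real repository, so
    anything that still pins it is not fixed. Returns (new_graph, new_coord).
    """
    group, name, version = consumer.split(":")
    new_coord = f"{group}:{name}:{version}.patched"  # constructed version scheme
    new_graph = dict(graph)
    new_graph[new_coord] = [new_dep if d == old_dep else d for d in graph[consumer]]
    return new_graph, new_coord


def propagation_demo():
    """Walk the fix up the chain; return how many deployed builds stay exposed."""
    graph = GRAPH
    deployed = {"com.example:app-1:3.0", "com.example:app-2:1.2"}  # constructed
    steps = [("initial", len(affected_roots(graph, deployed, FLAWED)))]
    graph, lib_a = release_fix(graph, "com.example:lib-a:1.0", FLAWED, FIXED)
    steps.append(("lib-a re-released", len(affected_roots(graph, deployed, FLAWED))))
    graph, lib_b = release_fix(graph, "com.example:lib-b:2.1", "com.example:lib-a:1.0", lib_a)
    steps.append(("lib-b re-released", len(affected_roots(graph, deployed, FLAWED))))
    graph, app_1 = release_fix(graph, "com.example:app-1:3.0", "com.example:lib-b:2.1", lib_b)
    steps.append(("app-1 rebuilt", len(affected_roots(graph, deployed, FLAWED))))
    deployed = {app_1, "com.example:app-2:1.2"}  # operator finally redeploys
    steps.append(("app-1 redeployed", len(affected_roots(graph, deployed, FLAWED))))
    return steps


if __name__ == "__main__":
    print(sorted(affected_by(GRAPH, FLAWED)))
    for label, exposed in propagation_demo():
        print(f"{label:18s} exposed deployments: {exposed}")
```

The exposed count stays at 1 through three upstream re-releases and only drops when the last link, the deployment itself, changes; that is the whole of the "fixes are not viral" argument in runnable form. The upward walk in `affected_by` answers the inventory question on slide 5 (which of my components contain the flawed version), the downward `closure` answers the per-application one on slide 6 (is this deployed build exposed). Real resolvers such as Maven also mediate between conflicting versions reached by different paths; this pinned-edge model deliberately ignores that, because for an exposure inventory any path to the flawed version is worth reporting.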
