Trupti Shiralkar presented on the importance of evaluating third-party libraries for security issues. She explained that applications are typically built on top of libraries, so a vulnerability in one library can affect many applications at once. Shiralkar proposed a process for the security evaluation of libraries that includes architecture review, threat modeling, static code analysis, and security testing. As an example, she discussed evaluating the OpenSSL library and identifying its implicit security controls, explicit controls, vulnerabilities, and risks of misuse. The goal is to provide guidance that helps secure usage and secure-by-default configuration of libraries.
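As an added illustration (not from the presentation) of what "risks of misuse" and "default secure configuration" look like for an OpenSSL-backed library, the following Python snippet audits an ssl.SSLContext for three commonly disabled controls and contrasts a weakened context with a hardened one; the function names and the TLS 1.2 floor are this example's own choices.

```python
import ssl
from typing import List


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Report security controls a caller has switched off (example checks only)."""
    findings = []
    # Explicit control: certificate validation. CERT_NONE accepts any peer certificate.
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode=CERT_NONE: peer certificate is never validated")
    # Explicit control: hostname matching. Without it, a valid certificate for a
    # different name would still be accepted.
    if not ctx.check_hostname:
        findings.append("check_hostname=False: certificate not matched to the server name")
    # Implicit control: protocol floor. Anything below TLS 1.2 is legacy.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"minimum_version={ctx.minimum_version.name}: legacy TLS versions accepted"
        )
    return findings


def weak_context() -> ssl.SSLContext:
    """A misuse pattern: verification disabled 'to make the error go away'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode=CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Library defaults kept, plus an explicit protocol floor."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_context(ctx) or ["no findings"])
```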
2. Disclaimer
This disclaimer informs readers that the views, thoughts, and opinions expressed in the presentation belong solely to the author, and not necessarily to the author’s employer, organization, committee, or other group or individual.