Wednesday, January 29, 2014

FS-ISAC Webinar: New Policy Enforcement Approach for 3rd Party Software

FS-ISAC Webcast: Best Practices for Managing Risk from Open Source Libraries and Components
 

In December, the FS-ISAC Third Party Software Security Working Group released new controls to manage risk associated with open source libraries and components. These controls recommend that financial institutions apply policy management and enforcement, as well as inventory management, to the open source libraries and components used in their application portfolio.

Why should open source component management be a top priority?

  • 90% of the typical enterprise application is composed of open source components
  • 71% of applications were found to contain components with known security flaws classified as severe or critical
  • 76% of organizations have no component management policies in place
  • OWASP now recognizes 'using components with known vulnerabilities' as a top 10 open source security risk

The recent attacks based on the critical vulnerabilities announced in the popular Struts web framework are a perfect example of the severity of the problem, so much so that the FBI issued this alert.

February 5th
1:00pm EST (GMT-0500)

Jim Routh, CISM, CSSLP
Information Security Leader
 
Joshua Corman
CTO, Sonatype

Join this webinar to hear best practices for how to establish effective governance and monitoring across the software supply chain. Register now.
