Thank you for joining us at our 20th Anniversary Event! All sessions were recorded and will be posted in the coming weeks on the OWASP YouTube channel.

We have been working hard to secure the world through challenges and discovery. And now, it’s time to celebrate! Many of you have played a crucial role in the Foundation’s enduring history, and we encourage you to participate in the celebration coming this September! Our theme, Securing the Next 20 Years, is encouraging and exciting as we look ahead to the next 20 years!

Join us for FREE at this live 24-hour global event as we honor the past, celebrate the present, and embrace the future of OWASP and cybersecurity. Hear from world-renowned keynotes and special speakers, and network with your peers. It is FREE to attend; however, registration IS required to gain access to the session links.

Friday, September 24 • 5:00am - 5:30am
Effective Usage Analysis: The Shortest Path Between a Developer and Accelerated Product Releases

Abstract:
Modern software applications can feature thousands of direct or indirect code dependencies between proprietary and open source software components, many of which have security vulnerabilities.

Vulnerability scanning commonly reports a gigantic number of findings that demand attention by development teams. Our study, based on the review of hundreds of open source projects in Java, .NET, Python, and JavaScript, shows that about 70% of the reported vulnerabilities in real-world applications cannot be referenced from application code, thereby effectively posing no risk. However, many organizations establish the urgency of vulnerability handling based on the vulnerability’s reported severity. In light of the large number of reported vulnerabilities that are not ‘effective,’ security and development personnel often find themselves investing an inordinate amount of time addressing alerts that should have been prioritized in the first place.

Knowledge of a vulnerability’s ‘effectiveness’ is extremely valuable to organizations. It enables organizations to eliminate a substantial portion of reported security risks with 100% accuracy to concentrate on a significantly smaller number of ‘effective’ vulnerabilities. This enables organizations to save precious time, focus their development teams’ attention on real risks, apply remediation efficiently, and expedite product delivery.

This session presents how prioritization based on effective usage analysis enables organizations to confirm which reported vulnerabilities can be exploited, significantly reducing the number of vulnerabilities developers must remediate.

Speakers
Rami Elron

Senior Director of Product Innovation, WhiteSource
Rami Elron is the Senior Director of Product Innovation at WhiteSource, driving application security strategic initiatives and thought leadership. Rami has defined and led the product specification for major staples of WhiteSource's portfolio, including the company's prioritization...


Friday September 24, 2021 5:00am - 5:30am EDT
On-Line