We have been working hard to secure the world through challenges and discovery. And now, it’s time to celebrate! Many of you have played a crucial role in the Foundation’s enduring history, and we encourage you to participate in the celebration coming this September! Our theme, Securing the Next 20 Years, is encouraging and exciting as we look ahead to the next 20 years!

Join us for FREE at this live 24-hour global event as we honor the past, celebrate the present, and embrace the future of OWASP and cybersecurity. Hear from world-renowned keynotes and special speakers, and network with your peers. It is FREE to attend; however, registration IS required, so please register today!

Friday, September 24 • 5:00am - 5:30am
Effective Usage Analysis: The Shortest Path Between a Developer and Accelerated Product Releases


Abstract:
Modern software applications can feature thousands of direct or indirect code dependencies between proprietary and open source software components, many of which have security vulnerabilities.

Vulnerability scanning commonly reports a gigantic number of findings that demand attention by development teams. Our study, based on the review of hundreds of open source projects in Java, .NET, Python, and JavaScript, shows that about 70% of the reported vulnerabilities in real-world applications cannot be referenced from application code, thereby effectively posing no risk. However, many organizations establish the urgency of vulnerability handling based on the vulnerability’s reported severity. In light of the large number of reported vulnerabilities that are not ‘effective,’ security and development personnel often find themselves investing an inordinate amount of time addressing alerts that should have been prioritized in the first place.

Knowledge of a vulnerability’s ‘effectiveness’ is extremely valuable to organizations. It enables organizations to eliminate a substantial portion of reported security risks with 100% accuracy to concentrate on a significantly smaller number of ‘effective’ vulnerabilities. This enables organizations to save precious time, focus their development teams’ attention on real risks, apply remediation efficiently, and expedite product delivery.

This session presents how prioritization based on effective usage analysis enables organizations to confirm which reported vulnerabilities can be exploited, significantly reducing the number of vulnerabilities developers must remediate.

Speakers

Dr. Aharon Abadi

Chief Scientist, WhiteSource
Aharon Abadi (PhD), Chief Scientist at WhiteSource since November 2017. Aharon studied computer science at Tel-Aviv University, receiving BSc, MSc, and PhD degrees. Aharon's research interests lie in a wide range of topics including application security, open source...

Rami Elron

Senior Director of Product Management, WhiteSource
Rami Elron is the Senior Director of Product Innovation at WhiteSource, driving application security strategic initiatives and thought leadership. Rami has defined and led the product specification for major staples of WhiteSource's portfolio, including the company's prioritization...


Friday September 24, 2021 5:00am - 5:30am EDT
On-Line