Open-Source Security Management and Vulnerability Impact Assessment

Re-usage of Open Source Software (OSS) has increased in commercial software development by orders of magnitude. This presentation will show how OSS vulnerabilities can be managed at large scale (about 10,000 OSS usages in our case), and how to address sins from the past. At last a concept will be shown which automates the analysis of the exploitability potential of an insecure OSS component.

Speakers

Gunter Bitz; Henrik Plate

Senior Manager Legal Compliance, SAP SE

Gunter Bitz is the Senior Manager for the European and APJ Technology Legal Compliance team. His team is supporting SAP’s product engineering groups in managing legal compliance and software security aspects arising from the consumption of open source software and freeware during the software development lifecycle.
Prior to his current role Bitz was responsible for product security governance at SAP and held the position of the product security spokesperson. In his first role at SAP he was protecting the organization’s intellectual property by designing and implementing global policies and information security technology.
Bitz has spoken at many international security conferences, in particular RSA conferences and was member of the program committee of RSA Europe and RSA APJ.

Henrik Plate works as a Senior Researcher in the Product Security Research group within SAP since 2007. During this time, he was coordinator and scientific lead of the European FP7 research project PoSecCo, built up an SAP-wide security training for application developers and performed security assessments of SAP applications. Currently, he researches new approaches and tooling for ensuring a secure consumption of third party components in the software supply chain. Before joining the SAP research group, Plate held different positions as a software engineer, and studied computer science and business administration at the University of Mannheim. He holds a diploma from the University of Mannheim and is a CISSP.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

8669803085?profile=original

E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform