Digging deeper into a topic that we first presented at Black
Hat USA 2014, this presentation will expand on the challenges
we face in securing third-party libraries in the products and
enterprise networks we are responsible for. More Libraries!
More Vulnerabilities! More Things! Many developers today
are turning to well-established third-party libraries to speed
the development process and realize quality improvements
over creating an in-house proprietary font parsing or image
rendering library from the ground up. Efficiency comes at
a cost though: a single application may have as many as
100 different third-party libraries implemented. The result
is that third-party and open source libraries have the ability
to spread a single vulnerability across multiple products,
exposing enterprises and requiring software vendors and
IT organizations to patch the same vulnerability repeatedly.
How big of a problem is this? What libraries are the biggest
offenders for spreading pestilence? And what can be done
to minimize this problem? This presentation will dive deep
into vulnerability data and explore the source and spread of
these vulnerabilities through products as well as actions the
security research community and enterprise customers can
take to address this problem.
Copyright 2020, IronGeek