SCA & Enterprise Vulnerability Management

0 minutes de lecture

| Talk |

John Bock | R&D, Optiv

While software composition analysis is typically found as part of the development cycle, it can also enable the traditional vulnerability management (VM) toolchain to gain insights into vulnerabilities on production assets. In this talk we'll explore how enterprise vulnerability management deals with open source vulnerabilities, how SCA can help, and how these vulnerabilities map to commonly used frameworks in the VM space, like MITRE ATT&CK. In addition to surveying application vulnerability management, we will also show process models for managing container vulnerabilities and issues that can be found inside infrastructure as code definitions.

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Learn more about Snyk here.

Up Next

Why are there no incentives for security in Open Source?

OSS maintainers often receive no compensation for their time in fixing vulnerabilities. How can we solve this conundrum?

Poursuivre la lecture

Snyk est une plateforme de sécurité des développeurs. S’intégrant directement aux outils, workflows et pipelines de développement, Snyk facilite la détection, la priorisation et la correction des failles de sécurité dans le code, les dépendances, les conteneurs et l’infrastructure en tant que code (IaC). Soutenu par une intelligence applicative et sécuritaire de pointe, Snyk intègre l'expertise de la sécurité au sein des outils de chaque développeur.

Démarrez gratuitementRéservez une démo en ligne

© 2024 Snyk Limited
Enregistré en Angleterre et au Pays de Galles

logo-devseccon