The marquee event of the security industry is fast approaching – the 2018 RSA Conference will take place in San Francisco April 16 to 20. This is a highlight of the year for all of us at Veracode, and we will have a major presence there, in part because of the sheer size of this event – both in terms of attendance and scale. It’s definitely the leading business-focused security show, and we know that every AppSec vendor will be there, along with every AppSec practitioner from both a manager and purchasing perspective.
Are you planning to attend? I always find this event valuable, and look forward to attending every year. In particular, I always come home with a new understanding of the current security problems that are top of mind for most organizations, and that they are trying to solve. Security is a fast-moving space, and both the problems and solutions are constantly evolving. For instance, when Veracode first started going to RSA, we spent a lot of time at the booth answering “what is application security?” Then in a few short years, we were fielding questions from attendees desperate for guidance on getting an AppSec program off the ground as soon as possible.
This year, one of the problems I expect to hear a lot about is also the subject of my speaking session – the risk of open source components. We’re finding this is a top-of-mind issue among our customer base, and visibility is most often the crux of the issue. Developers have increasingly incorporated open source components into the code they’re writing, resulting in applications that today often feature more open source code than in-house code. In fact, 70 percent to 90 percent of Java applications are now made up of open source components. But what if there’s an announcement about a serious vulnerability in an open source component? Would you know if it’s in use in your organization? Most likely, you would not. In my speaking session, I’ll explore this problem and offer some practical tips on balancing the need for speed with the need for security.
Check out this short video featuring more of my thoughts on application security in general, and RSA in particular.
And find out more about Veracode’s presence at RSA this year.
Hope to see you there!