Loading…
September 13-16, 2022
Dublin, Ireland + Virtual
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Irish Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Back To Schedule
Wednesday, September 14 • 14:20 - 15:00
VEXing Open Source Security: Vulnerability Data for Everything - Andrew Martin, ControlPlane & Andres Vega

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
As CVEs proliferate and vulnerability scanners light up our open source projects, security teams are under increasing pressure that is pushed back onto maintainers, and we deserve better. And as we manage CVEs in our organisations is the quality of the data that we receive sufficient to manage the risk we are faced with every day? The machine-readable Vulnerability Exchange Format data standard may offer us a solution: defining the exploitability of vulnerabilities in the software and dependencies that we ship every day. Can we solve the high volume of false positives, halted releases, and late night? VEX may have the answer.
In this talk we:
- Question the efficacy of current vulnerability management approaches
- Compare the options available for enterprise vulnerability assessment
- Propose a solution to the global CVE deluge
- Suggest a contextual analysis framework for open source software security
- Attempt to enable a brighter future for the industry
Speakers
avatar for Andrew Martin

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →
avatar for Andres Vega

Andres Vega

Founder, M42

Wednesday September 14, 2022 14:20 - 15:00 IST
Wicklow Hall 2B (Level 2)
  SupplyChainSecurityCon, Measuring Risk of Potential & Already-included OSS