The benefits of including Open Source Software in products and services are very well understood, including many that greatly improve the security of the resultant product. Less well-known or understood, however, is the real security impact of bundling OSS and other third-party software into products.
Bundled third-party software presents new security challenges that must be managed. These challenges range from varied or nonexistent upstream disclosure practices to under-documented internal use and a general lack of ownership. Further complicating matters, there often exists a historic legacy of unbridled third-party software use that must be overcome. These challenges can be made more manageable through a structured approach specifically tailored to bundled third-party software security.
This session will discuss approaches to bundled third-party software security and the following specific topics:
At the completion of this session attendees will be more equipped to tackle this challenging area within their own organizations.
Tim Sammut is an engineer in the Security Research and Operations organization at Cisco where he leads company-wide initiatives around the product security impact of bundled third-party software. This area of work extends beyond Cisco where he chairs the Third-Party Software Security working group within ICASI—the Industry Consortium for Advancement of Security on the Internet—and volunteers on the Gentoo Linux Security Team.
Not always focused, Tim generally enjoys marrying creativity and technology to tackle difficult problems. He is a published author with more than 15 years of experience in some of the largest and most complex internetworks.
Tim lives in northern California with his wife, daughters, dog and fish.
Comments on this page are now closed.
For information on exhibition and sponsorship opportunities at the conference, contact Sharon Cordesse at (707) 827-7065 or firstname.lastname@example.org.
View a complete list of OSCON contacts