[OWASP-Philadelphia] Next Chapter Meeting: Thursday May 12th at the Navy Yard (5:45-8:00)

Aaron Weaver aaron.weaver2 at gmail.com
Tue Apr 26 14:30:08 UTC 2016

Come join us at the Navy Shipyard while we chat about AppSec. Sign up here:


   - Food!
   - The Illusion of Control: Security and Your Software Supply Chain,
   Derek Weeks
   - Building your Own Security ChatBot, Aaron Weaver

The Illusion of Control: Security and Your Software Supply Chain

If you want to know why OWASP’s A9 guideline on use of vulnerable open
source components is so relevant to AppSec professionals, you’ll want to
join us at this meeting.

In June 2015, I authored the State of the Software Supply Chain Report - a
quantitative analysis of 100,000 software development organizations that
consumed 17 billion open source and proprietary software components. In
2016, we’ll release the latest version of the report revealing that volume
has increased to 31 billion.

While the average organization consumed over 500,000 components, our
research reveals evidence of inefficient software sourcing practices,
building in outdated components, and using software with known security
vulnerabilities  by mistake.  During the session, I will reveal many more
details of the research that are relevant to your organization.

Attendees will learn how technology, banking, and government organizations
are applying proven supply chain principles from the manufacturing industry
toward improving their Agile, Continuous Delivery, and DevOps practices. I
will openly share insight about the rampant and unbridled use of open
source and third party components that will change the way you think about
everything, and put you leagues ahead of organizations who are still in the

If you join us, we’ll provide a hands-on demonstration of some of the free
AppSec technologies that can support your OWASP A9 initiatives.

Derek E. Weeks
VP and Rugged DevOps Advocate, Sonatype

This year, Derek is leading the largest and most comprehensive analysis of
software supply chain practices to date across 100,000 development
organizations.  The research details the consumption of billions of open
source and third-party software components while also shedding new light on
the scale of known vulnerable software being ingested by development
organizations worldwide.  Derek is a huge advocate of applying proven
supply chain management principles into development and application
security practices to improve efficiencies, reduce security risks, and sustain
long-lasting competitive advantages. He currently serves as vice president
and Rugged DevOps advocate at Sonatype. Derek is a distinguished
international speaker, having delivered his research at AppSec USA, InfoSec
Europe, LASCON, HP Protect, Pentagon Joint Service Providers Conference,
and numerous OWASP meet-ups.

Aaron Weaver
Philadelphia OWASP Chapter Lead
OWASP AppSec Pipeline Lead
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-philadelphia/attachments/20160426/6d736226/attachment.html>

More information about the OWASP-Philadelphia mailing list