Aspect Security’s Williams to Lead Discussion on Insecure Libraries at OSSI

May 29, 2012 - PRLog -- Application security pioneer among elite group of security experts gathered for NSA-presented conference

Columbia, Md., May 29, 2012 – Jeff Williams, CEO of Aspect Security, has gathered top security industry experts for a discussion at Open Source Software Industry Day on the “Unfortunate Reality of Insecure Libraries,” a study recently released by Aspect Security in conjunction with Sonatype.  The event is hosted by the Open Source Software Institute and the National Security Agency and will be held at Johns Hopkins University’s Kossiakoff Conference Center on Wednesday, May 30.

“Agencies are rapidly adopting open source software. Open source can save both time and cost when building applications, but there are significant security challenges,” notes Williams. “We have assembled a panel of experts to discuss best practices and newest approaches to securing open source components. Aspect Security is very active in the open source community, and has created dozens of widely used open source standards, guidelines, and tools. Our extensive work securing mission-critical applications for federal clients has given us unique insight into the open source security challenges faced by modern agencies.”

Williams has assembled a panel of security experts to discuss the topic of insecure libraries, including Joe Jarzombeck, director of Software Assurance at the DHS National Cyber Security Division; Wayne Jackson, CEO of Sonatype; and Ron Gula, CEO of Tenable. The panel will discuss the lack of a vulnerability notification infrastructure for open-source libraries and debate ideas for protecting your organization.

The risk of vulnerabilities in open source components is widely ignored and underappreciated. Aspect Security’s recent study in conjunction with Sonatype of 113 million downloads by 60,000 commercial, government and non-profit organizations showed that 26 percent were old versions with known vulnerabilities. Williams and the panel will discuss how every organization should be concerned about the security of the components that they use and trust to run their business.

Open Source Software Industry Day will feature prominent government, industry and open source development community speakers and interactive panel discussions that focus on issues identified as areas of key interest by government representatives. Primary topics will include: legal and policy, adoption and strategic management practices, existing and future technology resources, cloud computing, large data management, security, social media and collaboration, embedded systems and risk management.

As a pioneer in the software development and security field, Williams is one of the world’s foremost experts on application security.  Williams and his team at Aspect Security are founding members of the Open Web Application Security Project (OWASP), through which Williams has made industry contributions including: the OWASP Top Ten, Enterprise Security API (ESAPI), Application Security Verification Standard (ASVS), Risk Rating Methodology and WebGoat.

About the Open Source Software Institute
The Open Source Software Institute is a membership-based, non-profit organization whose mission is to promote the development and implementation of open source software solutions within U.S. federal, state and local government agencies. For additional information, visit www.oss-institute.org.

About Aspect Security
Founded in 2002, Aspect Security is a consulting firm focused exclusively on application security, ensuring that the software that drives business is protected against hackers. Aspect Security’s engineers analyze, test and validate on average of 5,000,000 lines of critical application code every month. The company unearths more than 10,000 vulnerabilities every year across a wide range of technologies and architectures, and the company’s practical recommendations dramatically improve clients’ security posture. Aspect Security supports a worldwide clientele with critical applications in the government, defense, financial, healthcare, services and retail sectors.  For more information, please visit www.aspectsecurity.com.