O'reilly Security Podcast - O'reilly Media Podcast

The O’Reilly Security Podcast: Vulnerabilities in assembled software and the need for immediate developer feedback.In this episode, I talk with Chris Eng, vice president of research at Veracode, a software security-as-a-service business. We discuss Veracode’s research on application security across a broad spectrum of industries, the challenges of securing modern “assembled” software, and making it easier for developers to bake in security from the get-go.Here are some highlights: Software security: Some assembly required No one is writing software from scratch these days. Now, building software is more like assembling software from ingredients. You pull together a library for this, a library for that, and then, by the way, your shiny new piece of software inherits all the security holes in those libraries. As the product matures over time, people start to lose track of what went into it, nobody keeps an inventory of those libraries, and people don't upgrade libraries if t