Date: February 5th at 1:00PM EST / 10:00AM PST

In December of 2013, the FS-ISAC Third Party Software Security Working Group released new controls to manage risk associated with open source libraries and components. These controls recommend financial institutions apply policy management and enforcement as well as inventory management for open source libraries and components used in their application portfolio.

Why should open source component management be a top priority?

  • Open source components make up 90% of the typical enterprise application
  • 71% of applications were found to contain components with known security flaws classified as severe or critical
  • 76% of organizations have no component management policies in place
  • OWASP now recognizes 'using components with known vulnerabilities' as a top 10 open source security risk

The recent attacks based on the critical vulnerabilities announced in the popular Struts web framework are a perfect example of the severity of the problem, so much so that the FBI issued this alert.

Join this webinar to hear best practices for how to establish effective governance and monitoring across the software supply chain.


Featured Speakers:

Jim Routh, CISM, CSSLP
Information Security Leader

Jim Routh is the Chief Information Security Officer and leads the Global Information Security function for Aetna. He is the Chairman of the FS-ISAC Products & Services Committee and a former board member. He is a board member of the National Health-ISAC. He was formerly the Global Head of Application & Mobile Security for JP Morgan Chase. Prior to that, he was the CISO for KPMG, DTCC and American Express. He has over 20 years of experience in information technology and information security as a practitioner, management consultant and leader of technology, analytics and information security functions.

Joshua Corman, CTO, Sonatype
IT Security Strategist

Josh is currently the CTO of Sonatype with a focus on researching new technologies and software development trends to develop solutions for application security across the software development lifecycle. Additionally, Josh is working with the broader IT community, as well as policy and standards bodies, to improve software development security standards and best practices. Prior to Sonatype, Josh served as a security researcher and executive at Akamai Technologies, The 451 Group, and IBM Internet Security Systems, among other firms. A well-regarded innovator, he co-founded Rugged Software and IamTheCavalry to encourage the development of new cyber security solutions in response to the world’s increasing reliance on digital infrastructure. Josh's unique approach to addressing cyber security in the context of human factors and social impact has helped position him as one of the most trusted names in IT security. He also serves as adjunct faculty for Carnegie Mellon’s Heinz College, IANS Research, and as a Fellow at the Ponemon Institute.