Welcome to OWASP AppSec 2018 USA we look forward to seeing you in San Jose, CA
Back To Schedule
Thursday, October 11 • 1:30pm - 2:05pm
Paving the road for Developers: Lessons from integrating third party library scanning in DevOps workflows

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
The necessity of securing third-party libraries and packages is not a new concept, however, not many organizations understand its importance in a world where open source is mainstream. There is an exponential growth in the usage of third party libraries and reusing code is the norm for developers. Adding a library can end up adding several other dependencies without the developer even being explicitly aware of them. Now combine this with the rapid pace of shipping new code on a daily basis, and the security challenge all of a sudden seems insurmountable.

In this talk, we will share our story of how we tackled this challenge head-on and leveraged DevOps tooling to build security that enables the developers. You should attend this talk if you want to learn about the technical and architectural choices of library scanning that worked for us at scale, and the ones that didn’t. You will learn how to drive automation while maintaining the consistency of overall developer experience.

And while you may have heard great talks about how DevOps (or DevSecOps) enables security, it also sets you up for losing credibility at DevOps speed if you’re not careful. We will give you tips and tricks, the Do’s and Don'ts that will enable you to implement third-party library security automation in your developer workflow, make it the path of least resistance and empirically measure success over time.

avatar for Tim Champagne

Tim Champagne

Sr. Product Security Engineer, Medallia
avatar for Harshil Parikh

Harshil Parikh

Director of Security, Medallia
Harshil Parikh leads the security team at Medallia, Inc. He is currently helping democratize security within Medallia for functions like Secure Product Development Lifecycle, DevSecOps, Monitoring & IR.

Thursday October 11, 2018 1:30pm - 2:05pm PDT
Regency 2
  Regency Ballroom 2, Intermediate
  • NEW FIELD 1 Track 2