AppSecCali 2019 - It Depends... - Kristen Pascale & Tania Ward

From the time we choose to rise each morning to the time we finally rest our heads, almost every decision made in our daily lives depends on something. When we understand these dependencies, we are better equipped to control our responses. Managing vulnerability response is no different. In fact, the quality of a response correlates closely to the degree to which dependencies are known and understood. This is especially clear when managing the response for third-party components. As developers incorporate more and more open source and commercial third-party components into their products, the complexity of these dependencies continues to increase, threatening the ability of a PSIRT to provide quality vulnerability response. A framework for managing dependencies (and their dependencies!) is critical to enabling developers to understand the downstream impact of decisions (made upstream) on a PSIRT. A framework opens the door for PSIRTs to shape the decisions that are made around third-party components much earlier in the product lifecycle. By driving a dialogue through dedicated PSIRT controls upstream, we lay the foundation for a PSIRT response that truly shifts from reactive to proactive. In this talk, come and learn about the framework that Dell EMC has used with good success!

Kristen Pascale
Principal, Technical Program Manager, Dell EMC
Kristen Pascale has worked as part of the Dell Product Security Incident Response Team (Dell PSIRT) for over 6 and a half years. While Kristen's time at Dell EMC has been primarily focused on handling and responding to vulnerabilities in third party software.

Tania Ward
Consultant Program Manager, Dell
Tania Ward has worked as a program manager within the Dell Product Security Incident Response Team for just under 6 years. In that time, she revamped the vulnerability response program, instituted company-wide KPIs and participated in a number of FIRST initiatives.

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...

Reviewed by Anonymous on March 18, 2019 Rating: 5