March 2019 - Software supply chain risks of using 3rd party repositories - Alex Devries


An aspect of DevSecOps is the increased use of 3rd-party components. As software becomes more complex, developers depend more on online repositories. Examples include OS vendors' package repos, Docker Hub, and language repositories for Go, PHP and Ruby. An evaluation was done on Python's online repository, PyPI. A scan showed that 1% of the most commonly used packages contained known vulnerabilities. Worse, there was no formal process to deal with these problems. Mitigations for these risks will be presented.

Bio:
Alex deVries is a security architect and has experience developing SDLC programs, security incident response and penetration testing. He has a background in Linux OS development.
