From Security Weekly Wiki
= 2. Interview - Highlights From The New Open Source Security and Risk Analysis (OSSRA) Report - 01:00 PM-01:30 PM =
=== Announcements ===
<ul style="margin-left: 50px;">
<li>Layer 8 is Going Virtual! The conference will still be held on Saturday June 6th. Security Weekly listeners save $20 on their ticket by visiting and using the promo code "SecurityWeekly" before selecting your ticket type! Please consider supporting Layer8 or one of their partner organizations when purchasing your ticket! Some of the Security Weekly team will be in our own channel on the Layer8 Discord server answering questions and possibly doing some contests!</li>
<li>Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Register for our upcoming webcasts or virtual trainings by visiting Or visit to view our previously recorded webcasts!</li>
</ul>
=== Description ===
The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of commercial codebases, performed by the Black Duck Audit Services team. The most concerning trend in this year’s analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year. Similarly, nearly half (49%) of the codebases contained high-risk vulnerabilities, compared to 40% just 12 months prior.
=== Tim Mackey ===
<gallery mode="nolines" widths=175px heights=175px>
Image:TimMackey-1.jpg|'''Tim Mackey''' is Principal Security Strategist at Synopsys
</gallery>
Tim Mackey is a principal security strategist within the Synopsys Cybersecurity Research Center. He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms. Tim delivers talks globally at well-known events such as RSA, Black Hat, KubeCon, DevSecCon, and Red Hat Summit. Tim is also an O'Reilly Media published author and has been covered in publications around the globe including USA Today, Fortune, NBC News, CNN, and Dark Reading.
<gallery mode="nolines" widths=175px heights=175px>
Image:John_Kinsella-1.jpg|<center>John Kinsella - Vice President of Container Security at Qualys</center>
Image:MattAlderman-0.png|<center>Matt Alderman - CEO at Security Weekly</center>
Image:mike-shema-0.jpg|<center>Mike Shema - Product Security Lead at Square</center>
</gallery>

