Events , RSA Conference , RSA Conference Videos

State of Software Security: Has It Moved Past Unacceptable?

Brian Fox Discusses Legislative Efforts and Challenges in Software Security
Brian Fox, co-founder and chief technology officer, Sonatype

The state of software security is constantly evolving, and although awareness and conversation around it have increased, the industry is no closer to solving the problem, said Brian Fox, co-founder and chief technology officer, Sonatype.

Fox highlighted the crucial issues the industry continues to face. While legislation such as the software bill of materials is forcing the industry to address these issues, there's still much work to be done. Despite increased awareness, he said, 33% of Log4j downloads are still of vulnerable versions.

"We are in a world where we can't trust any of our software anymore until we get better at understanding who the people behind it are, what their motivations are, and providing that level of transparency," Fox said.

In this video interview with Information Security Media Group at RSA Conference 2024, Fox also discussed:

  • How companies are managing open-source software components after Log4j;
  • How organizations should approach software composition analysis;
  • How Sonatype is evolving to help customers meet their software security needs.

Fox has open-source experience as a member of the Apache Software Foundation and former chair of the Apache Maven project. He has over 20 years of experience leading the development of software for organizations, ranging from startups to large enterprises.


About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.