Managing Open Source Risks
Chris Eng of CA Veracode on Best Practices
Open source and third-party components help developers build and deploy applications faster. But with increased speed come greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks.
In a video interview at Information Security Media Group's recent Fraud & Breach Prevention Summit: Toronto, Eng discusses:
- Maintaining libraries of open source components;
- The tradeoff between security and speed in software development;
- The need for a "trust but verify" mindset when using third-party code.
Eng is vice president of research at CA Veracode, where he leads the team responsible for integrating security expertise into the company's core product offerings. Previously, he was technical director at Symantec and an engineer at the National Security Agency.