Rewrite code for each update of your favorite framework, or keep track
of the NIST vulnerability database? Delete a vulnerable component from the
internal repository, or work out whether the vulnerability applies to us?
How do you start scanning 500 kkloc and keep teams informed about
vulnerabilities in the components they use?
We'll talk about our approach to open-source security: how we reuse
data from other AppSec practices, how we adapt tools to our needs, and
what we find lacking in modern OSS scanners.