Wrangling Those Pesky 3rd-party Software Vulnerabilities
Like many large software companies, Adobe makes use of both open source and commercial off-the-shelf software components to deliver solutions to its customers. From time to time, as with any publicly available software, vulnerabilities may be uncovered that require resolution – creating a cascading challenge in assuring that any solution we have using those components is remediated quickly. To help solve this vexing problem, Adobe developed an in-house solution we call “TESSA.” This session will discuss how TESSA came about, how it is helping to both track and automate remediation of vulnerabilities, and how we integrate it into our software development lifecycle to help us react more quickly to industry vulnerabilities. We would also like to get your feedback during this session to determine if TESSA would be useful to the CSA community as an open source project.