Vulnerability Scanning For Free (as in Puppies)
A secure software supply chain with 0 vulnerabilities sounds like a great idea, but once you start looking through entire dependency chains and large systems, it can be a lot harder to achieve than one might expect. Using the free, open source CVE Binary Tool vulnerability scanner (written in Python!), we'll show what it looks like to set up vulnerability scanning, what kinds of fun things you find, and how keeping things up to date can mean an ongoing maintenance burden that is more like a free puppy than a free beer. We'll talk about how naive policies, governmental mandates and capitalism may ruin your day, and what we can do to stay secure and help everyone get past the puppy phase without sending anyone back to the pound.