Session

Securing your dependencies with the OWASP Dependency tools

Keeping your dependencies up to date is more important than ever. Unpatched software is an increasing problem in our industry, and in 2023 OWASP added A9-Using Components with Known Vulnerabilities to their Top 10 list for the first time. A recent study by the Ponemon Institute revealed that 60% of all breaches were due to unpatched known vulnerabilities, but at the same time 62% of victims were unaware that they were vulnerable.

Luckily, OWASP has two projects that can help with this problem: Dependency-Check and Dependency-Track. Join me as we look at how Dependency-Check can be added to your build pipeline to prevent unpatched components from making it into your releases, and how to use Dependency-Track to monitor the dependencies of your deployed versions for new known vulnerabilities.

Fredrik Ljung

Lead Developer and Architect at Datema Retail

Stockholm, Sweden
