[Future Corporation/Future Secure Wave, Inc.]Threats That Penetrate Multi-Layered Defenses – From Breached Security to Becoming a Breach-Resistant Organization –
DAY 2, 15:00-15:30
(Part 1)
Threats That Penetrate Multi-Layered Defenses
– From Breached Security to Becoming a Breach-Resistant Organization –
(Abstract)
As cyberattacks become increasingly sophisticated, many organizations are implementing robust security products such as EDR (Endpoint Detection and Response), NDR (Network Detection and Response), and WAF (Web Application Firewall) to build multi-layered defense systems.
However, security incidents continue to occur even in such fortified environments, revealing that conventional defense measures alone may no longer be sufficient.
Behind this lies the fact that attackers are skillfully leveraging advanced techniques such as Living off the Land (LotL) and fileless attacks, which are specifically designed to evade traditional detection methods. As a result, there have been numerous instances where these behaviors slip through existing defense mechanisms undetected.
In this seminar, we will explore real-world examples of these sophisticated attack techniques and delve into the question: “Why do security breaches still happen, even with the latest security solutions in place?” We will also use actual vulnerability cases to illustrate the critical importance of timely patch management and updates.
Through this seminar, participants will gain insights to reassess their organization’s security posture, understand the latest threat landscape, and learn how to build a truly effective and resilient cybersecurity strategy.
======================================
(Part 2)
OSS Ecosystem’s Latent Risk: A Data-Driven Analysis of 20,000 In-the-Wild PURLs Reveals a Vast Unmaintained Attack Surface
(Abstract)
While software supply chain security often focuses on managing known vulnerabilities (CVEs), a broader and more silent risk is spreading beneath the surface. This risk stems from “dormant” open-source software (OSS) components—those that are officially End-of-Life (EOL) or whose maintenance has de facto ceased. Once a new vulnerability is discovered in these components, they can become persistent attack vectors for which no patches will ever be provided.
Grounded in empirical data rather than theoretical research, this presentation reports on a large-scale analysis of the OSS ecosystem’s health. The study is based on a unique dataset of 20,000 Package URLs (PURLs) from in-the-wild, operational environments, collected via the “FutureVuls” vulnerability management cloud service.
Our analysis not only evaluated static data, such as last release dates and official EOL information, but also comprehensively assessed multiple dynamic indicators of “development activity,” including various OSSF Scorecard metrics, repository commit frequency, and release cadence.
The results revealed a stark reality within the supply chain: approximately 50% of the analyzed components had not been updated in over two years, and 5-10% had been officially declared EOL.
This presentation will share this quantitative data and discuss how dormant and EOL components can become attractive targets for attackers. From a defensive perspective, we will then propose a practical OSS lifecycle management framework that supplements traditional vulnerability scanning and helps visualize and quantify these latent risks.
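The abstract describes classifying components by static indicators (last release date, official EOL status) and dynamic ones (commit and release activity). The following is an added illustration of that kind of lifecycle triage; it is not code from FutureVuls or the presenters, the thresholds (two years without a release, one year without commits) and the sample PURL records are constructed here, and the PURL parser is a minimal one written for this example.

```python
"""Lifecycle triage of OSS components identified by Package URL (PURL).

Added example; the records below are constructed, not data from the talk.
"""
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Minimal PURL parser for the shape pkg:type/namespace/name@version?qualifiers#subpath.
# Namespace may itself contain slashes (e.g. golang module paths); name may not.
PURL_RE = re.compile(
    r"^pkg:(?P<type>[A-Za-z0-9.+-]+)/"
    r"(?:(?P<namespace>.+)/)?"
    r"(?P<name>[^/@?#]+)"
    r"(?:@(?P<version>[^?#]+))?"
    r"(?:\?(?P<qualifiers>[^#]*))?"
    r"(?:#(?P<subpath>.*))?$"
)


def parse_purl(purl: str) -> Dict[str, Optional[str]]:
    """Split a PURL into its components; raises ValueError on malformed input."""
    m = PURL_RE.match(purl)
    if not m:
        raise ValueError(f"not a valid PURL: {purl}")
    return m.groupdict()


@dataclass
class ComponentHealth:
    purl: str
    last_release: Optional[date]  # None when no release metadata could be found
    eol: bool                     # officially declared End-of-Life upstream
    commits_last_year: int        # dynamic indicator from repository history
    releases_last_year: int       # dynamic indicator from the package registry


# Constructed thresholds: the abstract's "not updated in over two years" is the
# dormancy cut-off; a year without commits or releases is treated as stalling.
STALE_AFTER = timedelta(days=2 * 365)


def classify(c: ComponentHealth, today: date) -> str:
    """Return one of: eol, unknown, dormant, stalling, active (most severe first)."""
    if c.eol:
        return "eol"
    if c.last_release is None:
        return "unknown"
    if today - c.last_release > STALE_AFTER:
        return "dormant"
    if c.commits_last_year == 0 and c.releases_last_year == 0:
        return "stalling"
    return "active"


def summarize(components: List[ComponentHealth], today: date) -> Dict[str, float]:
    """Percentage of components in each lifecycle state (one decimal place)."""
    counts: Dict[str, int] = {}
    for c in components:
        state = classify(c, today)
        counts[state] = counts.get(state, 0) + 1
    total = len(components)
    return {state: round(100 * n / total, 1) for state, n in counts.items()}


def needs_replacement_plan(components: List[ComponentHealth], today: date) -> List[str]:
    """PURLs for which a future CVE would likely never receive an upstream patch."""
    return [c.purl for c in components if classify(c, today) in ("eol", "dormant")]


# Constructed sample inventory; versions and dates are illustrative only.
TODAY = date(2025, 10, 1)
SAMPLE = [
    ComponentHealth("pkg:pypi/requests@2.31.0", date(2025, 6, 1), False, 120, 3),
    ComponentHealth("pkg:npm/left-pad@1.3.0", date(2018, 3, 1), False, 0, 0),
    ComponentHealth("pkg:maven/org.example/old-lib@1.0", date(2024, 2, 15), False, 0, 0),
    ComponentHealth("pkg:deb/debian/python2@2.7", date(2020, 4, 20), True, 0, 0),
    ComponentHealth("pkg:golang/github.com/example/orphan@v0.1.0", None, False, 0, 0),
    ComponentHealth("pkg:npm/express@4.19.2", date(2025, 3, 15), False, 40, 2),
]

if __name__ == "__main__":
    for c in SAMPLE:
        parts = parse_purl(c.purl)
        print(f"{parts['type']:7} {parts['name']:10} {classify(c, TODAY)}")
    print(summarize(SAMPLE, TODAY))
    print("plan replacement for:", needs_replacement_plan(SAMPLE, TODAY))
```

The ordering in `classify` matters: an EOL declaration overrides every activity signal, and a component with no release metadata at all is reported as unknown rather than silently counted as healthy, because missing data is itself a finding when inventorying a supply chain.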
Speakers:
Masato Watanabe (渡邉 正人), Future Secure Wave, Inc., Cyber Security Unit, Red Team Leader
Kouta Kanbe (神戸 康多), Future Corporation, Cyber Security Innovation Group, Senior Architect
Location: Track 2 (HALL A)
Category: OpenTalks