Overview
Learn about DoD software supply chain security practices in this 31-minute conference talk exploring techniques for evaluating open source software trustworthiness. Discover how the US Department of Defense's Unified Platform project develops methods to assess risk levels of open source software through analysis of project processes, policies, and practices. Gain insights into the integration of tools like MITRE's Hipcheck and OpenSSF Scorecard to support software approval processes. Understand how these evaluation techniques help address emerging Department of Defense guidance for open source software usage while providing concrete approaches for assessing both products and processes within the OSS ecosystem. The presentation demonstrates practical applications relevant to industrial, academic, and government institutions that rely heavily on open source software components.
Syllabus
Assessing Open Source Software Projects in the Software Supply... by Scott Hissam & Joshua "CoCo" Crisp
Taught by
OpenSSF