Overview
Explore the complexities of securing open source software in this 19-minute conference talk by Michael Lieberman from Kusari. Delve into the growing list of security considerations for software developers, including SLSA for secure builds, SPDX for creating SBOMs, Sigstore for software signing, and OpenVEX for vulnerability exchange. Learn about the "sandwich" of tools, practices, and data that developers must now produce and consume. Discover how Skootrs, a new open source tool, simplifies the adoption of these security practices through automation and guardrails, making it easier to implement cybersecurity measures from the start of a software project rather than retrofitting them later.
Syllabus
Eating the Open Source Security Sandwich with Skootrs - Michael Lieberman, Kusari
Taught by
OpenSSF