Explore the complexities of securing open source software in this 19-minute conference talk by Michael Lieberman from Kusari. Delve into the growing list of security considerations for software developers, including SLSA for secure builds, SPDX for creating SBOMs, Sigstore for software signing, and OpenVEX for vulnerability exchange. Learn about the "sandwich" of tools, practices, and data that developers must now produce and consume. Discover how Skootrs, a new open source tool, simplifies the adoption of these security practices through automation and guardrails, making it easier to implement cybersecurity measures from the start of a software project rather than retrofitting them later.
Eating the Open Source Security Sandwich with Skootrs
Overview
Syllabus
Eating the Open Source Security Sandwich with Skootrs - Michael Lieberman, Kusari
Taught by
OpenSSF
Related Courses
-
SLSA FRSCA Recipe for Secure Supply Chain
-
Fresh SLSA and GUAC - Understanding Open Source Package Risks and Transparency
-
Open Source Software Supply Chain Security - Understanding Threats and Best Practices
-
Introduction to Open Source
-
Is the Internet on Fire? Strategies for Mitigating Open Source Software Vulnerabilities
-
SLSA in Action: Securing the Software Supply Chain
