Proactively Auditing Open Source Dependencies for Security - Here Is a Clean Section of the Beach

Explore the critical issue of open source dependencies and their impact on software security in this 45-minute conference talk by Munawar Hafiz from OpenRefactory and Michael Winser from Alpha-Omega. Delve into the challenges of identifying unknown vulnerabilities beyond those detected by Software Composition Analysis (SCA) tools. Learn about the Alpha-Omega project, sponsored by tech giants Amazon, Google, and Microsoft, and its mission to secure popular open source libraries. Discover the progress made in scanning and repairing thousands of libraries, the scaling challenges faced, and the complexities of data handling and storage. Gain insights into how this vital information is made accessible to end users, contributing to a safer software ecosystem.