Explore strategies for mitigating open source software vulnerabilities in this 32-minute conference talk by Andrew Martin from ControlPlane and Michael Lieberman from Kusari. Delve into the current state of open source security, examining why it's no longer trusted by default due to supply chain attacks and vulnerabilities. Discover a range of tools and techniques to defend against these threats, including SBOM analysis, source code examination, open source ingestion techniques, and signing. Learn about assured open source programs, traditional defense-in-depth measures, and emerging security controls. Gain insights into the safety of open source software from GitHub and package managers, the importance of SBOMs throughout the software lifecycle, incident response using open source security tools, and designing systems beyond zero trust for compromise resilience and assumed breach scenarios.
Is the Internet on Fire? Strategies for Mitigating Open Source Software Vulnerabilities
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Is the Internet on Fire? Strategies for Mitigating Open Source... Andrew Martin & Michael Lieberman
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Fresh SLSA and GUAC - Understanding Open Source Package Risks and Transparency
-
Untrusted Execution - Attacking the Cloud Native Supply Chain
-
The Road to Zero CVEs: People and Technology
-
Trusting Your Open-Source Software Supplier
-
Auto Generate SBOMs for Open Source Projects in Any Language and Platform
-
Scaling Software Supply Chain Source Security in Large Enterprises
