Knowing What Risks Matter and Don't in Your Open Source

Explore the critical aspects of open-source software security in this 42-minute conference talk from LASCON. Discover key findings from telemetry data of thousands of real-world applications, revealing trends in library usage, vulnerabilities, and best practices. Learn surprising statistics about open-source code usage, false positive rates in legacy software composition analysis tools, and the prevalence of high-risk licenses in Java and Node applications. Gain insights into the challenges of protecting applications with open-source components in an era of accelerated development and frequent vulnerability exploitation. Understand the importance of comprehensive observability in identifying and addressing the most significant risks while avoiding time wasted on non-threatening vulnerabilities. Presented by Naomi Buckwalter, Director of Product Security at Contrast Security, this talk equips you with valuable knowledge to enhance your approach to open-source software security.