Explore the intricacies of managing vulnerabilities in open-source dependencies in this 13-minute conference talk by Eva Sarafianou from Mattermost. Learn how to navigate the challenges of securing third-party components in software development, where products often combine in-house code with open-source dependencies. Discover key considerations for evaluating software composition analysis tools and gain insights into implementing a successful tool rollout. Delve into effective strategies for triaging findings and shifting from a reactive to a proactive security posture. Walk away with a foundational yet adaptable process to enhance the security of products relying on open-source dependencies, addressing the often overlooked aspect of safeguarding against vulnerabilities in these components.
Managing Vulnerabilities in Open-Source Dependencies
Overview
Syllabus
Managing Vulnerabilities in Open-Source Dependencies - Eva Sarafianou, Mattermost
Taught by
OpenSSF
Related Courses
-
Supply Chain Risk Management with OWASP Dependency-Check
-
Assessing Vulnerabilities and Reducing Risk
-
Application Analysis with Snyk
-
Secure Coding: Using Components with Known Vulnerabilities
-
Inspecting Open Source Software Packages for Security and License Compliance
-
Managing Vulnerability Response Dependencies in Third-Party Components - AppSecCali 2019
