Learn about the complexities of open source software security and acquisition in this 35-minute talk from Carnegie Mellon Software Engineering Institute's Scott Hissam. Explore how modern systems rely heavily on reused open-source components and the associated cybersecurity challenges this creates. Discover approaches for organizations to balance cost, schedule, and security considerations when acquiring OSS components. Examine why traditional security assumptions about "many eyes" reviewing code are insufficient without understanding the depth and quality of analysis performed. Gain insights into the importance of measuring both software development processes and product security metrics to make informed decisions about open source software implementation.
Open Source Software Transparency for Acquisition - Making Security Trade-off Decisions
Overview
Syllabus
Open Source Software (OSS) Transparency for Acquisition - Scott Hissam, Carnegie Mellon
Taught by
OpenSSF
Related Courses
-
Inspecting Open Source Software Packages for Security and License Compliance
-
Assessing Open Source Software Projects in the Software Supply Chain Security
-
Preparing for Zero-Day: Vulnerability Disclosure in Open Source Software
-
Addressing Cybersecurity Challenges in Open Source Software
-
Navigating the Intersection: AI's Role in Shaping the Secure Open Source Software Ecosystem
-
Security Patch Identification on Open-Source Software
