Explore the decision-making process for forking dependencies in response to security vulnerabilities. Learn the rules of engagement used by Atsign when faced with CVE notifications and customer concerns about software bill of materials (SBOMs). Discover how to balance being a good community citizen while ensuring timely fixes for security issues. This 11-minute talk by Chris Swan from Atsign, presented at an OpenSSF event, provides valuable insights into when and how to fork dependencies responsibly in the face of unresolved vulnerabilities.
Overview
Syllabus
Rules of Engagement for Forking a Dependency - Chris Swan, Atsign
Taught by
OpenSSF
Related Courses
-
Supply Chain Risk Management with OWASP Dependency-Check
-
Hyades - Dependency Track for Enterprise Supply Chain Security with SBOM
-
OWASP Dependency Track - Software Composition Analysis and Vulnerability Management
-
Security Concerns in Every Stage of the Software Supply Chain
-
OWASP Dependency Track - Fortifying the Software Supply Chain
-
Supply Chain Security with Dependency Track
