Explore strategies to mitigate open source security fatigue in this 44-minute conference talk from All Things Open 2022. Dive into lessons learned from three major open source security events: the Equifax breach via Struts, Log4j vulnerabilities, and Spring4Shell exploit. Analyze these situations as case studies to understand how security, engineering, and operations teams can streamline countermeasures for maintaining security and resilience without causing upheaval with each new vulnerability discovery. Examine past approaches that have failed and discover practical solutions to make vulnerability management less of a headache. While not eliminating vulnerabilities entirely, gain insights on reducing their impact and streamlining response processes for more efficient open source security practices.
Ending Open Source Security Fatigue - Lessons from Major Vulnerabilities
Overview
Syllabus
Say Vulnerabilities One More Time - Ending Open Source Security Fatigue - Alyssa Miller
Taught by
All Things Open
Related Courses
-
Ending Open Source Security Fatigue - Lessons from Major Vulnerabilities
-
OWASP Top 10 - A06:2021 - Vulnerable and Outdated Components
-
Adopting Open Source Securely - From Bare Metal to Cloud
-
Open Source Supply Chains and Consumption Risk Governance - Containers & Trust
-
Scalable Management of Vulnerabilities in Open Source
-
From Log4shell to OpenSSL - Reflections on a Year of Open Source Software Security
