Explore a groundbreaking approach to eliminating Open Source Software (OSS) vulnerabilities in this 38-minute Black Hat conference talk. Discover how security researchers can identify and fix thousands of affected projects simultaneously, and learn about automated systems that generate pull requests to address newly introduced vulnerabilities in production code. Delve into the Dan Kaminsky Fellowship, OpenRewrite, and various security issues such as Temp Directory Hijacking, Partial Path Traversal, and Zip Slip. Examine the potential of Control Flow Analysis and Pull Request Generation in streamlining the vulnerability remediation process. Consider the risks associated with this innovative approach to enhancing OSS security at scale.
Overview
Syllabus
Introduction
Dan Kaminsky Fellowship
OpenRewrite
Temp Directory Hijacking
Partial Path Traversal
Zip Slip
Control Flow Analysis
Pull Request Generation
Risks
Taught by
Black Hat