Explore a highly scalable approach to eliminating open-source software vulnerabilities in this 52-minute conference talk by Jonathan Leitschuh from the Open Source Security Foundation/Linux Foundation. Learn about the challenges of finding and fixing simple yet widespread security issues across hundreds of thousands of OSS projects. Discover how tools like GitHub's CodeQL and OpenRewrite can be leveraged to automate vulnerability scanning, triaging, reporting, and fixing at scale. Gain insights into the practical applications of automated bulk pull request generation for real-world OSS projects, and understand how this technique can efficiently utilize researcher knowledge to address vulnerabilities across the open-source ecosystem. Delve into the potential of this approach to not only identify security issues but also provide actionable solutions to volunteer OSS maintainers, ultimately working towards eliminating vulnerabilities once and for all.
Scaling the Security Researcher to Eliminate OSS Vulnerabilities - Automated Solutions
Overview
Syllabus
Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and for...- Jonathan Leitschuh
Taught by
Linux Foundation
Tags
Related Courses
-
Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All
-
Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
-
From an OSS-Fuzz Report to LKML Patch Submission - A Hands-on Journey
-
GitHub Advanced Security: Securing the World's Software - Lecture
-
Will Large-Scale Automated Scanning Stop Malware on OSS Repositories?
