Overview
Explore secure open source practices in this 30-minute conference talk from NDC Porto 2022. Learn why open source security matters, using high-profile vulnerabilities such as Log4j to illustrate the potential impact on applications that depend on affected libraries. Discover practical steps for choosing secure libraries and managing dependencies effectively. Gain insights into evaluating open source packages based on popularity, update frequency, known vulnerabilities, and licensing. Understand the challenges posed by nested (transitive) dependencies and the necessity of regular updates. Explore various tools, both free and paid, for scanning open source code. Conclude with a Q&A session addressing specific concerns about implementing secure open source practices in your own projects.
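The evaluation criteria listed above (popularity, update frequency, known vulnerabilities, licensing) apply to every package in the tree, not only the ones you pin directly. The script below is an added illustration and is not code from the talk or from NDC: it walks a constructed dependency tree and records which direct dependency pulled in each flagged transitive one. The package names, dates, download counts and the ADV-EXAMPLE-0001 advisory are constructed; the only real pairing is log4j-core 2.14.1 and CVE-2021-44228.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date


@dataclass
class Package:
    """Metadata a registry would return for one resolved dependency (constructed)."""
    name: str
    version: str
    latest_release: date        # date of the project's most recent release, any version
    license: str                # SPDX identifier
    weekly_downloads: int       # crude popularity signal
    deps: list[Package] = field(default_factory=list)


# Known-vulnerable (name, version) pairs, as an advisory feed would report them.
# CVE-2021-44228 (Log4Shell) genuinely affects log4j-core 2.14.1; the second
# entry is a constructed placeholder for this example.
ADVISORIES = {
    ("log4j-core", "2.14.1"): ["CVE-2021-44228"],
    ("tiny-yaml", "0.3.0"): ["ADV-EXAMPLE-0001"],
}

ALLOWED_LICENSES = frozenset({"Apache-2.0", "MIT", "BSD-3-Clause"})
ASSESSMENT_DATE = date(2022, 10, 1)   # constructed "today" so the run is reproducible


def evaluate(direct_deps, today, stale_days=365, min_weekly_downloads=1000,
             allowed_licenses=ALLOWED_LICENSES, advisories=ADVISORIES):
    """Check every direct and nested dependency against the four criteria.

    Returns {"name@version": {"via": path, "issues": [...]}} for packages with
    at least one finding. `via` shows the chain from a direct dependency down to
    the flagged package, which is what you need to decide whom to update.
    """
    findings = {}
    seen = set()

    def visit(pkg, path):
        key = (pkg.name, pkg.version)
        if key in seen:              # diamond or cyclic graphs: assess each version once
            return
        seen.add(key)
        label = f"{pkg.name}@{pkg.version}"
        issues = []
        for advisory in advisories.get(key, []):
            issues.append(f"known vulnerability {advisory}")
        age_days = (today - pkg.latest_release).days
        if age_days > stale_days:
            issues.append(f"no release in {age_days} days")
        if pkg.weekly_downloads < min_weekly_downloads:
            issues.append(f"low adoption ({pkg.weekly_downloads} weekly downloads)")
        if pkg.license not in allowed_licenses:
            issues.append(f"license {pkg.license!r} not in allowlist")
        if issues:
            findings[label] = {"via": " -> ".join(path + [label]), "issues": issues}
        for dep in pkg.deps:         # recurse so nested dependencies get the same scrutiny
            visit(dep, path + [label])

    for dep in direct_deps:
        visit(dep, [])
    return findings


def sample_tree():
    """Constructed dependency tree: one clean direct dep hiding a bad transitive one."""
    yaml = Package("tiny-yaml", "0.3.0", date(2019, 5, 1), "MIT", 400)
    http = Package("fast-http", "3.2.0", date(2022, 9, 1), "Apache-2.0", 250_000, [yaml])
    log4j = Package("log4j-core", "2.14.1", date(2022, 6, 28), "Apache-2.0", 900_000)
    gpl = Package("copyleft-util", "1.0.0", date(2022, 6, 1), "GPL-3.0-only", 5_000)
    return [http, log4j, gpl]


if __name__ == "__main__":
    for label, report in evaluate(sample_tree(), ASSESSMENT_DATE).items():
        print(f"{label} (via {report['via']})")
        for issue in report["issues"]:
            print(f"  - {issue}")
```

Note that fast-http itself passes every check; only the path recorded in `via` reveals that it is the reason tiny-yaml is in the build at all. In a real pipeline the constructed `ADVISORIES` dict and `Package` metadata would come from your registry and advisory feed, and the thresholds should be tuned per ecosystem.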
Syllabus
Introduction
Open Source Code
Open Source Library
Nested dependencies
Updates
Tools
Licensing
Q&A
Taught by
NDC Conferences