Overview
Learn about the Google Open Source Security Team's (GOSST) groundbreaking initiative to enhance supply-chain security across ~200 critical open-source projects in this 36-minute conference talk. Explore the challenges maintainers face when adopting security improvements whose benefits primarily accrue to package consumers rather than adding features or fixing bugs in the project itself. Discover the team's successful approach, which resulted in over 500 accepted contributions, and gain insight into their philosophy, methodology, and key learnings from working with a wide range of open-source projects. Gain valuable knowledge about supporting maintainers in strengthening open-source security, whether you're a consumer, a maintainer, or a security enthusiast interested in contributing to a more secure open-source ecosystem.
Syllabus
Supply-Chain Security, Outside in: What Helping ~200 Projects... (Pedro Nacht & Diogo Teles Sant'Anna)
Taught by
OpenSSF