Explore the challenges and practical solutions for open source security compliance in this 18-minute conference talk by Philippe Ombredanne from AboutCode. Gain insights into the limitations of proprietary tools in addressing software supply chain issues and meeting regulatory requirements. Learn about the struggles faced by software teams in navigating the complex landscape of security tools and databases, especially in light of the increasing number of reported CVEs. Discover practical approaches using OpenSSF projects, open source tools, and open data to achieve automated compliance and robust software supply chain security processes.
The Current State of Open Source Security Compliance Tooling Is Well, Sad
Overview
Syllabus
The Current State of Open Source Security Compliance Tooling Is … Well, Sad. - Philippe Ombredanne
Taught by
OpenSSF
Related Courses
-
AZ-400: Implement security and validate code bases for compliance
-
Inspecting Open Source Software Packages for Security and License Compliance
-
Supply Chain Security, SBOMs and OSPOs: An Ecosystem and Compliance Update
-
GitHub Supply Chain Security Using GitGat
-
Securing Your Supply Chain with an Open Source Ecosystem
-
Open Source Supply Chain Security for Enterprises
