Overview
Explore the evolving landscape of open-source software (OSS) utilization in the public sector and its associated security concerns in this 25-minute conference talk by Ross Bryant from Phylum. Gain insights into the challenges of aligning OSS usage with current policies and controls. Learn best practices for complying with recent updates to the NIST Secure Software Development Framework (SSDF) and NIST SP 800-161, as well as new directives on Software Bills of Materials (SBOMs) for open-source components in the software supply chain. Examine the fundamental security model of OSS, its components, and its evolving attack surface. Understand how threat actors and their Tactics, Techniques, and Procedures (TTPs) have changed within the OSS ecosystem. Discover how current controls need to adapt to address new areas of exposure in open-source software security.
Syllabus
Trusting Your Open-Source Software Supplier - Ross Bryant, Phylum
Taught by
Linux Foundation