Explore the risks and benefits of open source software in this 28-minute DevSecCon talk by Shilpi Bhattacharjee, co-founder of the Cloud Security Podcast. Learn about the Open Source Software Security Mobilization Plan and discover strategies to address security concerns in open source dependencies. Gain insights into implementing effective open source policies, understanding the impact of open source on innovation and potential breaches, and explore key initiatives such as digital signatures, third-party code reviews, and establishing an Open Source Program Office. Delve into the importance of protecting open source projects while leveraging their benefits for organizational growth and innovation.
Open Source Dependencies and Maintainers - Risks and Solutions
Overview
Syllabus
Intro
What is open source
How to protect open source
Why use open source
Dangers of open source
Blog
Impact
What can you do
OpenSSF
Digital signature of software
Thirdparty code reviews
Sbomb
Open Source Program Office
Wrap Up
Taught by
DevSecCon
Related Courses
-
Securing Open Source Supply Chains: Challenges and Solutions
-
How to Trust Your Open Source Software Using Scorecards
-
Why You Should Care About Open Source Supply Chain Security
-
Securing Open Source Dependencies - It’s Not Just Your Code That You Need to Secure
-
Talking with Management About Open Source - Making the Business Case
-
Open Source Dependencies: Risks and Impacts - AppSec EU 2017
