Explore the risks and benefits of open source software in this 28-minute DevSecCon talk by Shilpi Bhattacharjee, co-founder of the Cloud Security Podcast. Learn about the Open Source Software Security Mobilization Plan and discover strategies to address security concerns in open source dependencies. Gain insights into implementing effective open source policies, understanding the impact of open source on innovation and potential breaches, and explore key initiatives such as digital signatures, third-party code reviews, and establishing an Open Source Program Office. Delve into the importance of protecting open source projects while leveraging their benefits for organizational growth and innovation.
Open Source Dependencies and Maintainers - Risks and Solutions
Overview
Syllabus
Intro
What is open source
How to protect open source
Why use open source
Dangers of open source
Blog
Impact
What can you do
OpenSSF
Digital signature of software
Thirdparty code reviews
Sbomb
Open Source Program Office
Wrap Up
Taught by
DevSecCon
Related Courses
-
Managing Vulnerabilities in Open-Source Dependencies
-
How to Trust Your Open Source Software Using Scorecards
-
Securing Open Source Supply Chains: Challenges and Solutions
-
Why You Should Care About Open Source Supply Chain Security
-
Open Source Supply Chain Security for Enterprises
-
Securing the Unseen: Defending Against Open Source Software Supply Chain Attacks
