The OpenSSF Scorecard is an automated tool that assesses several important heuristics ("checks") associated with software security and assigns each check a score of 0-10. These scores help developers understand specific areas to improve to strengthen the security posture of a dependency. This session will discuss projects like the Eclipse Foundation, enoyproxy, and tensorflow use Scorecard.


RSAC 2023 brought together thousands of cybersecurity professionals for four incredible days of expert perspectives, groundbreaking innovation, and best practices. 

How Do You Trust Open Source Software?

Conference: RSA Conference 2023

Authors: Brian Russell, Naveen Srinivasan

Abstract

Post a comment

Related work

Assessing the Risk of Open-source Components Using OpenSSF's Scorecard

Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets