
Addressing Cybersecurity Challenges in Open Source Software

2022-06-21

Authors: Matt Jarvis, Steve Hendrick


Summary

The main theme of the conference presentation is the importance of involving developers in building security knowledge and of using specialized security tools to automate security processes in DevOps. The presentation also emphasizes the need to rely on vendors for guidance and to follow best practices for security policy.
  • Involving developers in improving security knowledge and empowering them to make decisions based on guidance and feedback can be effective in improving security posture.
  • Leveraging specialized security tools, such as FAST, is crucial for providing guidance and insight for identifying security risks.
  • Relying on vendors for guidance and help in solving security problems is necessary due to the complexity of identifying security risks.
  • Automating security processes is essential for addressing security issues without impacting the speed of innovation.
  • Following best practices for security policy, such as those provided by the Linux Foundation's Secure Software Development course, can help organizations understand their current security posture and improve it over time.

The speaker noted that involving developers in security knowledge and decision-making can improve an organization's security posture. Given guidance and insight, developers can make informed decisions and solve security problems more effectively. This approach empowers developers to act as security practitioners and helps organizations scale their security processes.

Abstract

Organizations of all sizes are heavily reliant on software, and much of that software supply chain consists of open source software components. Because of this, open source software has cybersecurity implications: the software supply chain is an attractive entry point for people and organizations interested in theft, disruption, or exploitation for economic or political gain. Join Steve Hendrick (Linux Foundation) and Matt Jarvis (Snyk) as they discuss the latest OpenSSF cybersecurity research which describes where organizations are today in their cybersecurity journey and what can be done to improve the cybersecurity profile of open source software going forward.
