10:20 - 11:20
Talk (60 min)
Secure Open Source Practices
With high-profile open source vulnerabilities in the news, it’s important to know how to choose secure libraries and manage your dependencies. In this talk, we will discuss why open source security is important, and you will learn practical steps you can take to ensure your software is as secure as possible.
- The impact open source can have on your applications
  - Examples: everyone is talking about Log4j right now, and there will likely be more examples by April
  - Impact of vulnerabilities
- How to choose the best open source package
  - How many other people are using it?
  - How often is it updated?
  - Known vulnerabilities (and the severity thereof) - where there’s smoke there’s fire.
- Nested dependencies and the trouble they can cause
- Updates aren’t optional
- Tools for scanning your open source
  - Free tools
  - Paid tools
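The selection criteria above (adoption, update frequency, known vulnerabilities) and the point about nested dependencies can be made concrete with a small dependency checker. The following Python is an added illustration, not material from the talk or from any scanning tool it covers: the dependency graph, package metadata, advisory feed and "today" date are all constructed for the example, and the advisory ids are placeholders rather than real CVEs. It walks the transitive dependency tree, reports which direct dependency is responsible for pulling in each vulnerable nested package, and scores a candidate package on the three criteria.

```python
from collections import deque
from datetime import date

# Constructed dependency graph (not a real lockfile): package -> direct dependencies.
DEPENDENCY_GRAPH = {
    "webapp": ["http-client", "logging-lib", "json-parser"],
    "http-client": ["url-utils", "tls-helper"],
    "logging-lib": ["format-core"],
    "json-parser": [],
    "url-utils": [],
    "tls-helper": ["format-core"],
    "format-core": [],
}

# Constructed advisory feed keyed by package; ids are placeholders, not real CVEs.
ADVISORIES = {
    "format-core": [{"id": "EXAMPLE-ADV-0001", "severity": "critical"}],
    "url-utils": [{"id": "EXAMPLE-ADV-0002", "severity": "low"}],
}

# Constructed package metadata mirroring the talk's selection criteria.
METADATA = {
    "http-client": {"weekly_downloads": 4_000_000, "last_release": date(2022, 1, 15)},
    "logging-lib": {"weekly_downloads": 120_000, "last_release": date(2019, 6, 1)},
    "json-parser": {"weekly_downloads": 9_000_000, "last_release": date(2022, 2, 2)},
}

# Constructed "as of" date so the freshness check is deterministic.
TODAY = date(2022, 4, 1)

SEVERITY_WEIGHT = {"low": 1, "moderate": 3, "high": 6, "critical": 10}


def transitive_dependencies(root, graph=DEPENDENCY_GRAPH):
    """Return every package reachable from root, excluding root itself."""
    seen, queue = set(), deque(graph.get(root, []))
    while queue:
        pkg = queue.popleft()
        if pkg in seen:
            continue
        seen.add(pkg)
        queue.extend(graph.get(pkg, []))
    return seen


def dependency_paths(root, target, graph=DEPENDENCY_GRAPH, _path=None):
    """Return every path root -> ... -> target, so the direct dependency that
    pulls in a nested package can be identified (and upgraded or replaced)."""
    path = (_path or []) + [root]
    if root == target:
        return [path]
    paths = []
    for child in graph.get(root, []):
        if child not in path:  # guard against cycles in malformed graphs
            paths.extend(dependency_paths(child, target, graph, path))
    return paths


def vulnerable_dependencies(root, graph=DEPENDENCY_GRAPH, advisories=ADVISORIES):
    """Map each vulnerable package in root's tree to the paths that introduce it."""
    return {
        pkg: dependency_paths(root, pkg, graph)
        for pkg in sorted(transitive_dependencies(root, graph))
        if pkg in advisories
    }


def health_score(pkg, today=TODAY, metadata=METADATA, advisories=ADVISORIES,
                 graph=DEPENDENCY_GRAPH):
    """Score a candidate package 0-100 on adoption, release freshness, and known
    advisories against the package and everything it pulls in transitively."""
    meta = metadata[pkg]
    score, reasons = 100, []
    if meta["weekly_downloads"] < 500_000:
        score -= 20
        reasons.append("low adoption")
    stale_days = (today - meta["last_release"]).days
    if stale_days > 365:
        score -= 30
        reasons.append(f"no release in {stale_days} days")
    for dep in sorted({pkg} | transitive_dependencies(pkg, graph)):
        for adv in advisories.get(dep, []):
            score -= 3 * SEVERITY_WEIGHT[adv["severity"]]
            reasons.append(f"{adv['severity']} advisory {adv['id']} via {dep}")
    return {"package": pkg, "score": max(score, 0), "reasons": reasons}


if __name__ == "__main__":
    for vuln, paths in vulnerable_dependencies("webapp").items():
        for p in paths:
            print(f"{vuln}: introduced via {' -> '.join(p)}")
    for candidate in METADATA:
        print(health_score(candidate))
```

The thresholds and weights are arbitrary and exist only to show the shape of the check; the point is that "format-core" never appears in the application's direct dependency list yet is reachable by two routes, and that a package which looks healthy on its own ("http-client") inherits the risk of what it depends on.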