Wednesday 

Room 2 

10:20 - 11:20 

(UTC+01)

Talk (60 min)

Secure Open Source Practices

With high-profile open source vulnerabilities in the news, it’s important to know how to choose secure libraries and manage your dependencies. In this talk, we will discuss why open source security is important, and you will learn practical steps you can take to ensure your software is as secure as possible.

Security
Web
  • The impact open source can have on your applications
    • Examples: Obviously everyone is talking about Log4j, but there will likely be more examples by April
    • Impact of vulnerabilities
  • How to choose the best open source package
    • How many other people are using it?
    • How often is it updated?
    • Known vulnerabilities (and the severity thereof) - where there’s smoke there’s fire.
    • Licensing
  • Nested dependencies and the trouble they can cause
  • Updates aren’t optional
  • Tools for scanning your open source
    • Free tools
    • Paid tools

Jillian Ratliff

Jillian provides application security training for software engineers, so they have the skills to write secure code in any language. With over 10 years of AppSec experience, she has worn many hats: penetration tester, consultant, code reviewer, and threat modeler! However, her favorite hat to wear has always been that of a teacher, and that’s why she founded Gold Hat Security in 2019.