Skip to content

Slides from this talk given at Abstractions II in August 2019.

Notifications You must be signed in to change notification settings

saracope/open-source-security

Repository files navigation

Practical Open Source Security

Sara Cope @sarassassin

View the slides from this talk in your web browser: https://saracope.github.io/open-source-security/
A downloadable .pdf is also available: https://github.com/saracope/open-source-security/blob/master/open-source-security.pdf

Abstract: What's the best way to secure your open source dependencies? Not have any. But since over 80% of the source code that's shipped is derived from open source that's just not a reality. This makes auditing and managing your dependencies critical to achieving security compliance and instilling confidence in your application.

This talk will cover secure dependency management from both a proactive and reactive standpoint. We'll go over monitoring and auditing best practices, take a tour of available tools and walk through how to automate the detection of insecure patterns and outdated libraries affected by known vulnerabilities.

License

This project is in the worldwide public domain (in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication).

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

About

Slides from this talk given at Abstractions II in August 2019.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published