Presented at
Diana Initiative 2022,
Aug. 10, 2022, 4:30 p.m.
(30 minutes)
It’s estimated 98% of codebases contain open source code. Open Source at its root facilitates community driven innovation, collaboration, and development of new technologies. More transparency = more secure, right? The hard truth is, many vulnerabilities can lay dormant in a codebase for years before being exploited in the wild, leaving entire software supply chains under attack. This talk will discuss how we can continue to push and tackle these issues in the community.* How should we be engaging with maintainers and contributors?
* What would you do if a critical piece of your application relies on a package that has been abandoned?
* Are our threat modeling processes sufficient?
Log4Shell was a wakeup call for many, let’s talk about what meaningful actions we can take.
Presenters:
-
Sara Garvey
- Contrast Security
Sara is a Senior Application Security Researcher with Contrast Security. Her primary area of interest is within Open Source Security. Sara, in her free time, enjoys participating in CTFs and external vulnerability research.
Links: