
Practical Open Source Security

Sara Cope @sarassassin

View the slides from this talk in your web browser: https://saracope.github.io/open-source-security/
A downloadable .pdf is also available: https://github.com/saracope/open-source-security/blob/master/open-source-security.pdf

Abstract: What's the best way to secure your open source dependencies? Not have any. But since over 80% of the source code that ships is derived from open source, that's just not a reality. This makes auditing and managing your dependencies critical to achieving security compliance and instilling confidence in your application.

This talk will cover secure dependency management from both a proactive and a reactive standpoint. We'll go over monitoring and auditing best practices, take a tour of available tools, and walk through how to automate the detection of insecure patterns and of outdated libraries affected by known vulnerabilities.

License

This project is in the worldwide public domain (in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication).

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

About

Slides from this talk given at Abstractions II in August 2019.
