Talks - Nina Zakharenko: Why You Should Care About Open Source Supply Chain Security

Nina Zakharenko discusses open source supply chain security and the Open Source Security Foundation's efforts to identify and fix vulnerabilities.

Key takeaways
  • Open source software has significant vulnerabilities and is a major target for attacks, with 60% of open source projects having known vulnerabilities.
  • The Open Source Security Foundation (OpenSSF) was established to address these vulnerabilities, and has seen significant growth and funding in recent years.
  • The most common open source vulnerabilities are AJAX-related, and take advantage of outdated libraries.
  • The most vulnerable open source projects are often those with large user bases and a lack of resources for security.
  • In 2021, the OpenSSF released a list of the top 10 most vulnerable open source projects, with over 50,000 known vulnerabilities.
  • The OpenSSF has developed tools to help identify and fix vulnerabilities, including the OSSA (Open Source Security Analyzer) tool.
  • The OpenSSF is also working on developing a rating system for open source projects based on their security.
  • The OpenSSF is also working with companies like Google and GitHub to develop more secure open source projects.
  • The OpenSSF is also developing a vulnerability database to help track and fix vulnerabilities.
  • The OpenSSF is also working on developing a set of security guidelines for open source projects.
  • The OpenSSF is also working on developing a set of best practices for open source security.
  • The OpenSSF is also working on developing a set of security standards for open source projects.
  • The OpenSSF is also working on developing a set of security testing tools for open source projects.
  • The OpenSSF is also working on developing a set of security metrics for open source projects.
  • The OpenSSF is also working on developing a set of security reports for open source projects.
  • The OpenSSF is also working on developing a set of security advisories for open source projects.
  • The OpenSSF is also working on developing a set of security patches for open source projects.
  • The OpenSSF is also working on developing a set of security updates for open source projects.
  • The OpenSSF is also working on developing a set of security releases for open source projects.