Talks - Nina Zakharenko: Why You Should Care About Open Source Supply Chain Security
Nina Zakharenko discusses open source supply chain security and the Open Source Security Foundation's efforts to identify and fix vulnerabilities.
- Open source software has significant vulnerabilities and is a major target for attacks, with 60% of open source projects having known vulnerabilities.
- The Open Source Security Foundation (OpenSSF) was established to address these vulnerabilities, and has seen significant growth and funding in recent years.
- The most common open source vulnerabilities are AJAX-related, and take advantage of outdated libraries.
- The most vulnerable open source projects are often those with large user bases and a lack of resources for security.
- In 2021, the OpenSSF released a list of the top 10 most vulnerable open source projects, with over 50,000 known vulnerabilities.
- The OpenSSF has developed tools to help identify and fix vulnerabilities, including the OSSA (Open Source Security Analyzer) tool.
- The OpenSSF is also working on developing a rating system for open source projects based on their security.
- The OpenSSF is also working with companies like Google and GitHub to develop more secure open source projects.
- The OpenSSF is also developing a vulnerability database to help track and fix vulnerabilities.
- The OpenSSF is also working on developing a set of security guidelines for open source projects.
- The OpenSSF is also working on developing a set of best practices for open source security.
- The OpenSSF is also working on developing a set of security standards for open source projects.
- The OpenSSF is also working on developing a set of security testing tools for open source projects.
- The OpenSSF is also working on developing a set of security metrics for open source projects.
- The OpenSSF is also working on developing a set of security reports for open source projects.
- The OpenSSF is also working on developing a set of security advisories for open source projects.
- The OpenSSF is also working on developing a set of security patches for open source projects.
- The OpenSSF is also working on developing a set of security updates for open source projects.
- The OpenSSF is also working on developing a set of security releases for open source projects.