Loading…
October 31 - November 1 - Co-Located Events
October 28-30 - Conference
Lyon Convention Centre - Lyon, France
More information for Open Source Summit + Embedded Linux Conference Europe 2019
Back To Schedule
Monday, October 28 • 18:00 - 18:35
BoF: Securing Open-source: Dependencies, Incident Response, Vulnerabilities, and Bug Bounties - Maya Kaczorowski, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Open-source projects have a more nebulous operating model, and that also means it's harder to figure out who's on the hook when something goes wrong.

In security, if you're running an open-source project that's widely used, that means the community looks to you for help identifying and addressing vulnerabilities. We'll discuss what a mature open-source project does for security, including:
- mapping and understanding dependencies, and frequently patching those,
- responding to incidents in a private manner, and managing disclosures,
- patching vulnerabilities and vulnerability management, and
- running a bug bounty program.

Altogether, these make up a complete security response program for a larger open-source project. We'll also discuss what to do first if your project is just getting started, what to prioritize with limited resources (that's every project!), and what smaller projects can do when all of these pieces aren't possible.

Speakers
avatar for Maya Kaczorowski

Maya Kaczorowski

Product Manager, Software Supply Chain Security, GitHub
Maya is a Product Manager for Software Supply Chain Security at GitHub. She was previously at Google, focused on container security, and encryption at rest and encryption key management. Prior to Google, she was at McKinsey & Company, and before that, completed her Master\'s in mathematics... Read More →



Monday October 28, 2019 18:00 - 18:35
Rhone 2
  • Session Slides Included Yes