Attending this event?
October 31 - November 1 - Co-Located Events
October 28-30 - Conference
Lyon Convention Centre - Lyon, France
More information for Open Source Summit + Embedded Linux Conference Europe 2019
Monday, October 28 • 18:00 - 18:35
BoF: Securing Open-source: Dependencies, Incident Response, Vulnerabilities, and Bug Bounties - Maya Kaczorowski, Google

Sign up or log in to save this to your schedule and see who's attending!

Open-source projects have a more nebulous operating model, and that also means it's harder to figure out who's on the hook when something goes wrong.

In security, if you're running an open-source project that's widely used, that means the community looks to you for help identifying and addressing vulnerabilities. We'll discuss what a mature open-source project does for security, including:
- mapping and understanding dependencies, and frequently patching those,
- responding to incidents in a private manner, and managing disclosures,
- patching vulnerabilities and vulnerability management, and
- running a bug bounty program.

Altogether, these make up a complete security response program for a larger open-source project. We'll also discuss what to do first if your project is just getting started, what to prioritize with limited resources (that's every project!), and what smaller projects can do when all of these pieces aren't possible.

avatar for Maya Kaczorowski

Maya Kaczorowski

Product Manager, Google
Maya is a Product Manager in Security & Privacy at Google, focused on container security. She has presented at KubeCon, BSides SF, O'Reilly Velocity, Google Next, OpenStack Summit, and other conferences on container security. She previously worked on encryption at rest and encryption... Read More →

Monday October 28, 2019 18:00 - 18:35
Rhone 2
Feedback form isn't open yet.