October 31 - November 1 - Co-Located Events
October 28-30 - Conference
Lyon Convention Centre - Lyon, France
More information for Open Source Summit + Embedded Linux Conference Europe 2019
Monday, October 28 • 18:00 - 18:35
BoF: Securing Open-source: Dependencies, Incident Response, Vulnerabilities, and Bug Bounties - Maya Kaczorowski, Google

Open-source projects have a more nebulous operating model, and that also means it's harder to figure out who's on the hook when something goes wrong.

In security, if you run a widely used open-source project, the community looks to you for help identifying and addressing vulnerabilities. We'll discuss what a mature open-source project does for security, including:
- mapping and understanding dependencies, and patching them frequently,
- responding to incidents privately, and managing disclosures,
- patching vulnerabilities and vulnerability management, and
- running a bug bounty program.

Altogether, these make up a complete security response program for a larger open-source project. We'll also discuss what to do first if your project is just getting started, what to prioritize with limited resources (that's every project!), and what smaller projects can do when all of these pieces aren't possible.

Maya Kaczorowski

Product Manager, Software Supply Chain Security, Tailscale
Maya is a Product Manager at Tailscale, providing secure networking for the long tail. She was most recently at GitHub in software supply chain security, and previously at Google working on container security, encryption at rest and encryption key management. Prior to Google, she...

Monday October 28, 2019 18:00 - 18:35 CET
Rhone 2
Track: Best Practices for OS Development
Session Slides Included: Yes