It’s estimated 98% of codebases contain open source code. Open Source at its root facilitates community driven innovation, collaboration, and development of new technologies. More transparency = more secure, right? The hard truth is, many vulnerabilities can lay dormant in a codebase for years before being exploited in the wild, leaving entire software supply chains under attack. This talk will discuss how we can continue to push and tackle these issues in the community.
- How should we be engaging with maintainers and contributors?
- What would you do if a critical piece of your application relies on a package that has been abandoned?
- Are our threat modeling processes sufficient?
Log4Shell was a wakeup call for many, let’s talk about what meaningful actions we can take.
