March 12-14, 2019 - Half Moon Bay, CA
Thursday, March 14 • 1:50pm - 2:20pm
Don’t Ignore Those GitHub Security Alerts. Automate Them Into Your Workflow - Ashley Wolf, Verizon Media

Open source projects are vulnerable to exploits just like any code is. Recent high-profile vulnerabilities in open source code, including Moment.js, Lodash, and PostgreSQL, have highlighted how code quality can affect the security of open source code in production. GitHub recently made security vulnerability information available for your projects on GitHub. How can you connect the dots to make your use of open source secure?

This talk will highlight some best practices that your Open Source Program Office (OSPO) can use to manage security vulnerabilities for open source projects using GitHub’s security alerts at scale. We’ll discuss the mechanics and governance around the process we’ve set up at Verizon Media to notify internal employees about CVEs on their projects.

Ashley Wolf

Open Source Program Manager, Verizon Media
Ashley manages Verizon Media’s open source program and is product owner of Yahoo Developer Network. She's a passionate developer advocate and community-builder who regularly engages with technical audiences through blogs, podcasts, and presentations.

Thursday March 14, 2019 1:50pm - 2:20pm
Salon 1