March 12-14, 2019 - Half Moon Bay, CA
Thursday, March 14 • 1:50pm - 2:20pm
Don’t Ignore Those GitHub Security Alerts. Automate Them Into Your Workflow - Ashley Wolf, Verizon Media

Open source projects are vulnerable to exploits just like any other code. Recent high-profile vulnerabilities in open source code, including Moment.js, Lodash, and PostgreSQL, have highlighted how code quality can impact the security of open source code in production. GitHub recently made security vulnerability information available for your projects on GitHub. How can you connect the dots to make your use of open source secure?

This talk will highlight some best practices that your Open Source Program Office (OSPO) can use to manage security vulnerabilities for open source projects using GitHub’s security alerts at scale. We’ll discuss the mechanics and governance around the process we’ve set up at Verizon Media to notify internal employees about CVEs on their projects.

Ashley Wolf

Open Source Program Manager, GitHub
Ashley is a passionate advocate for open source. She is currently the Open Source Program Manager at GitHub. Prior to GitHub, she led the Yahoo (acquired by Verizon) open source program and worked in product management for a cybersecurity company. Ashley serves on steering committees...

Thursday March 14, 2019 1:50pm - 2:20pm PDT
Salon 1