March 12-14, 2019 - Half Moon Bay, CA
Thursday, March 14 • 1:50pm - 2:20pm
Don’t Ignore Those GitHub Security Alerts. Automate Them Into Your Workflow - Ashley Wolf, Verizon Media

Open source projects are vulnerable to exploits just like any other code. Recent high-profile vulnerabilities in open source code, including Moment.js, Lodash, and PostgreSQL, have highlighted how code quality can impact the security of open source code in production. GitHub recently made security vulnerability information available for your projects on GitHub. How can you connect the dots to make your use of open source secure?

This talk will highlight some best practices that your Open Source Program Office (OSPO) can use to manage security vulnerabilities for open source projects using GitHub’s security alerts at scale. We’ll discuss the mechanics and governance around the process we’ve set up at Verizon Media to notify internal employees about CVEs on their projects.

Speakers
Ashley Wolf

Director, Open Source Program Office, GitHub
Ashley Wolf is the Director of Open Source Programs at GitHub. She runs initiatives and programs to empower developers to be successful with open source. She is also passionate about helping companies participate in the open source community. Prior to joining GitHub, Ashley led the...



Thursday March 14, 2019 1:50pm - 2:20pm PDT
Salon 1