Agile + DevOps East 2020 DevSecOps Summit Session - A Modern Approach to Managing and Securing Your Open Source Dependencies | TechWell



Wednesday, November 18, 2020 - 3:30pm to 4:15pm

A Modern Approach to Managing and Securing Your Open Source Dependencies

Ninety-two percent of applications contain open source components. Without careful maintenance, organizations open themselves up to exploits from malicious actors. Known vulnerabilities in an open source library can increase the risk of compromise despite a development team’s best efforts and intentions. Relying on scanning tools to point out potential issues is not enough if you don’t also have a strategy in place to ensure those issues can be resolved. In this talk, we’ll share a modern approach DevSecOps teams can use to better manage and secure their open source dependencies, ensuring developers are working with known-good, issue-free open source. We’ll share best practices leading organizations are using to increase development velocity with open source without sacrificing security.


Matthew Arnow is an Enterprise Open Source Evangelist at Tidelift. Prior to working in open source, Matthew spent 17 years in the mobile technology space, first working directly with consumers and then with large enterprises. Working for several mobility start-ups, Matthew became a mobility expert and helped drive digital transformation for many of the world’s leading brands. With a focus on mobile security products (MDM / EMM) and lifecycle management support on a global scale, he oversaw a global team of experts in this space.