A Modern Approach to Managing and Securing Your Open Source Dependencies
Ninety-two percent of applications contain open source components. Without careful maintenance, organizations open themselves up to exploits from malicious actors. Known vulnerabilities in an open source library can increase the risk of compromise despite a development team’s best efforts and intentions. Relying on scanning tools to point out potential issues is not enough if you don’t also have a strategy in place to ensure those issues can be resolved. In this talk, we’ll share a modern approach DevSecOps teams can use to better manage and secure their open source dependencies, ensuring developers are working with known-good, issue-free open source. We’ll share best practices leading organizations are using to increase development velocity with open source without sacrificing security.