Heejo Lee’s Post


Professor at Korea University

OECD Forum Open Source Security Panel Discussion on July 10, 2024: It was a great opportunity to discuss open source security and security-by-design.

1. Unlike enterprise software development, integrating security into open-source projects requires security testing after development or before use.
2. A standard way of naming open-source projects is necessary to identify repositories and CVE vulnerabilities.
3. Dependency analysis is crucial for vulnerability management (for example, JavaScript projects have an average of 683 transitive dependencies).
4. A cost-effective approach to open-source security is needed (e.g., applying SBOM can reuse the existing results of verifying sub components, which may reduce the cost for downstream projects).

The discussion was exciting, and the support of OECD countries will be beneficial in many aspects by securing open source projects.

Session 1 – Security-by-design and open-source software

oecd-events.org

Heejo Lee

Professor at Korea University

2mo

Thank-you letter from OECD encourages a lot: "Your presentation highlighting the importance of protecting OSS ecosystems and the role of SBOM in enhancing transparency in supply chains was not only insightful but also incredibly inspiring for all participants."
