OECD Forum Open Source Security Panel Discussion on July 10, 2024: It was a great opportunity to discuss open source security and security-by-design.
1. Unlike enterprise software development, integrating security into open-source projects requires security testing after development or before use.
2. A standard way of naming open-source projects is necessary to identify repositories and CVE vulnerabilities.
3. Dependency analysis is crucial for vulnerability management (for example, JavaScript projects have an average of 683 transitive dependencies).
4. A cost-effective approach to open-source security is needed (e.g., applying SBOM can reuse the existing results of verifying sub-components, which may reduce the cost for downstream projects).
The discussion was exciting, and the support of OECD countries will be beneficial for many aspects of securing open source projects.
Heejo Lee’s Post
More Relevant Posts
This involves developing Custom Software Applications from concept, idea, bare or full blown specifications. The essential element in this exercise is that the software is to be written from scratch.
"From Concept to Reality: Crafting Custom Software Applications from Scratch"
simplysecops.com
Synopsys 2024 OSSRA report provides good insights into challenges and risks of open source software, especially if you want to better understand the pervasiveness of OSS within modern software and learn about some mitigation measures for reducing the associated risks. https://lnkd.in/e5JuJrRe
Open Source Security & Risk Analysis Report (OSSRA) | Synopsys
synopsys.com
Understanding the polyfill supply chain attack: What every developer needs to know. Check out our blog for detailed insights and proactive measures to secure your software.
Polyfill supply chain attack: What it is and how to know if you're affected | Veracode
veracode.com
The growing demand for open-source software has led to an increase in available components, but many are poorly maintained, leading to supply chain attacks and developers being targeted. Edwin Kwan suggests taking five steps to secure the software supply chain.
5 Steps for Securing Your Open-Source Supply Chain
blg.cyberbakery.net
BACK TO THE BUILDING BLOCKS: A PATH TOWARD SECURE AND MEASURABLE SOFTWARE https://lnkd.in/eUWQpfqZ
Final-ONCD-Technical-Report.pdf
whitehouse.gov
Open source code can bring great benefits, but it also comes with risks. Find out how organizations can navigate these challenges in the recent Trustwave blog post. Stay informed and stay secure with Trustwave. #InfoSec #TrustwaveBlog #OpenSourceCode
Uncovering the Dirty Secret of Open-Source Code and Its Risks for Organizations
trustwave.com
Professor at Korea University (2mo)
Thank-you letter from OECD encourages a lot: "Your presentation highlighting the importance of protecting OSS ecosystems and the role of SBOM in enhancing transparency in supply chains was not only insightful but also incredibly inspiring for all participants."