Daniel Sauble (Product Owner, Sonatype)
Date: Wednesday, May 22
Time: 1:30pm - 2:20pm
Pass type: All Access, Conference
Track/Topic: Security, DevOps
Format: Conference Session
Vault Recording: TBD
Audience Level: Intermediate
Open-source software (OSS) has many benefits, but with those benefits come risks.
OSS is designed for reusability, the code is transparent, and you can incorporate OSS components into your own applications as dependencies. Great!
However, open-source projects might have vulnerabilities or be hijacked by bad actors—thus compromising any applications that depend on those projects. Dependencies hosted in public repositories can disappear, breaking your builds. Complexity can obscure the true surface area of your application, making it difficult to spot security holes in your apps.
The list of risks goes on, but you can mitigate them. In this session, learn the importance of picking a trusted source of OSS components; how to check publicly available data for issues in components; how caching dependencies can improve the speed and reliability of your build pipeline; and how automation can help you find and fix OSS security issues quickly.