Modern software is built on a mountain of open source code, but inside that code there are hidden risks we often overlook: known vulnerabilities, malicious packages, abandoned projects, and incompatible licenses.
In this talk, we'll walk through the real-world problem of insecure OSS consumption, and introduce vet - an open source tool designed to automate the vetting of OSS libraries before use. With features like customizable filters and policy-as-code, vet empowers security and engineering teams to build guardrails directly into CI/CD pipelines.
Attendees will get a practical understanding of how to integrate vet into their workflows, reduce technical debt, and make better, safer choices in their dependency stack.
1. Helps teams catch vulnerable or risky dependencies before they enter the codebase.
2. Enables organizations to define OSS security policies in code and enforce them consistently.
3. Drives adoption of well-maintained and secure open source projects.
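The following is an added illustration of the kind of policy-as-code guardrail the proposal describes: a small dependency gate that a CI job can run and fail on. It is example code written for this page, not vet's own code, and it does not use vet's filter syntax (vet expresses its filters in CEL). The package names, versions, licenses, commit dates, waiver entries and the "EXAMPLE-VULN-0001" advisory identifier are all constructed for the example.

```python
"""Policy-as-code gate for third-party dependencies.

Added illustration of the guardrail idea in the proposal above; this is not
vet's code and does not use vet's CEL filter syntax. Package data, rule names,
waivers and the vulnerability identifier are all constructed for the example.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Package:
    name: str
    version: str
    license: str
    vulns: tuple          # (identifier, severity) pairs from an advisory feed
    last_commit: date     # most recent upstream commit

    @property
    def purl_like(self) -> str:
        return f"{self.name}@{self.version}"


# Constructed inventory standing in for what a CI job would assemble from a
# lockfile plus advisory and repository-metadata enrichment.
SAMPLE_PACKAGES = (
    Package("example-http", "2.1.0", "MIT", (), date(2024, 10, 1)),
    Package("example-yaml", "1.4.2", "MIT", (("EXAMPLE-VULN-0001", "HIGH"),), date(2024, 6, 15)),
    Package("example-log", "0.9.0", "GPL-3.0-only", (), date(2021, 3, 3)),
)

ALLOWED_LICENSES = frozenset({"MIT", "Apache-2.0", "BSD-3-Clause", "ISC"})
MAX_STALE_DAYS = 730
TODAY = date(2025, 1, 1)   # pinned so the gate is deterministic when tested


def rule_no_severe_vulns(p: Package, today: date) -> bool:
    """Reject anything with a CRITICAL or HIGH advisory against it."""
    return not any(sev in ("CRITICAL", "HIGH") for _, sev in p.vulns)


def rule_license_allowlisted(p: Package, today: date) -> bool:
    """Only licenses on the organisation's allowlist may be pulled in."""
    return p.license in ALLOWED_LICENSES


def rule_recently_maintained(p: Package, today: date) -> bool:
    """Treat projects without an upstream commit in two years as abandoned."""
    return (today - p.last_commit).days <= MAX_STALE_DAYS


# The policy is data: rule name -> predicate. Teams version this file alongside
# the code it guards, which is what "policy as code" means in practice.
POLICY = {
    "no-critical-or-high-vulns": rule_no_severe_vulns,
    "license-allowlisted": rule_license_allowlisted,
    "maintained-within-2-years": rule_recently_maintained,
}

# Time-boxed exceptions: (package@version, rule) -> expiry date. An expired
# waiver stops suppressing the finding, so exceptions cannot silently become
# permanent. Constructed sample entry.
SAMPLE_WAIVERS = {
    ("example-log@0.9.0", "license-allowlisted"): date(2025, 6, 30),
}


def evaluate(packages, policy=POLICY, waivers=None, today=TODAY):
    """Return (package@version, rule) pairs that violate the policy and are
    not covered by an unexpired waiver, in package then rule order."""
    waivers = waivers or {}
    violations = []
    for p in packages:
        for rule, check in policy.items():
            if check(p, today):
                continue
            expiry = waivers.get((p.purl_like, rule))
            if expiry is not None and today <= expiry:
                continue
            violations.append((p.purl_like, rule))
    return violations


def exit_code(violations) -> int:
    """Non-zero fails the CI job; the findings themselves go to stdout."""
    return 1 if violations else 0


if __name__ == "__main__":
    import sys
    found = evaluate(SAMPLE_PACKAGES, waivers=SAMPLE_WAIVERS)
    for purl, rule in found:
        print(f"FAIL {purl}: {rule}")
    sys.exit(exit_code(found))
```

Run as a pipeline step, the script fails the build on the HIGH advisory and the stale project while the license finding stays suppressed until its waiver expires; the point is that the rules, the allowlist and the exceptions all live in reviewable code rather than in someone's head.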
FOSS security definitely has its place at a FOSS conference. This may be a little too niche and not technical enough for the folks who would be interested. But since it's a lightning talk and should be kept at 10 minutes, I think it still should be approved.
This is an interesting project. It definitely has its place; it would be interesting to see this talked about at some of our city chapters.
I am not sure how this tool can help "reduce technical debt", as claimed in the proposal. I agree with the other reviewer - this may be suited for a lightning talk that shows various use cases of the tool. Many devs will find value in the use cases for the vet tool shown in its GitHub repo. Extra points for the proposer if they are able to show scan results on well-known repositories and come up with uncommon insights.
+1 as Lightning talk. Would be relatable and useful to developers across the tech stack.
We need to build awareness and have conversations about FOSS security.