I’ve always lived in a world where I thought open source software was infallible. Growing up, I often remarked that Linux had no viruses, whereas Windows had too many. This was the source of my unshakeable faith in the security of open source.
Then I grew up, and came to terms with reality. Also, the recent slew of software supply chain attacks has left me in an existential lurch where I sincerely fear for the security of open source.
In this talk, I intend to scare, or rather inform, the audience about vulnerabilities in the open source ecosystem. The talk will be a walkthrough of how to ascertain vulnerabilities in the stack, how to address them, how to find out which ones will affect you, and how best to mitigate the risk of using open source that contains vulnerabilities.