The Well Known and Hidden Risks of Open Source Software Reuse

Agenda:
6:00 - 6:15pm: Introduction
6:15 - 7:00pm: Jamie Scott, CISSP, CCSP - The well known and hidden risks of open source software reuse
7:15 - 8:00pm: Networking

Summary of the talk:
While known vulnerabilities and out-of-date components seem like apparent risks, OSS has several other key risks that should be considered as well. In this talk, we will cover the Top 10 OSS Risks. This includes common considerations such as known vulnerabilities and unmaintained or outdated software but also other key risks such as the compromise of a legitimate package, license risks, and excessive use of dependencies. This talk will feature the Top 10 OSS Risks https://owasp.org/www-project-open-source-software-top-10/ and include examples and case studies of notable OSS incidents, such as the recent npm worm, tied to the risks discussed. It will also provide actionable takeaways for security and technology leaders to equip them to securely consume and utilize OSS in their enterprise environments and software/products while mitigating some of the most relevant risks associated with OSS.

Speaker bio:
Jamie Scott, CISSP, CCSP is a recovering cybersecurity practitioner turned product manager building the next generation of dependency management solutions at Endor Labs. Previously Jamie was Product Manager at Redis and StackRox (Acquired by Red Hat in Feb 2021) where he was an open source contributor and leader for both projects. Jamie remains an active contributor to the cybersecurity community as co-author and contributor to several benchmarks as a volunteer consultant for the Center for Internet Security.