SOSS Community Day NA 2024

With the number of available open source projects seeing exponential growth, including the number of single-maintainer projects, evaluating and safely consuming open source software has never been more critical or challenging. Join Katherine Druckman, Open Source Security Evangelist at Intel, in conversation with Ryan Ware, Director of Open Source Security at Intel, to unpack the basics of secure open source consumption. Join us as we explore the fundamentals of evaluating open source projects against maintenance best practices and overall health, and cover the significance of CVEs and how they are addressed within open source projects. We will highlight the roles of project maturity and governance, documented expectations about code contributions, and clearly outlined bug-reporting processes, and how all these factors build confidence in the integrity of our software. Finally, we’ll touch on the use of tooling to help harden the development process and initiatives from the broader open source security community, like the OpenSSF and its projects, that aim to make secure open source software consumption ubiquitous.