Best Practices in Open Source Risk Management – Rhys Arkins, Mend.io
Presented at Open Source In Finance Forum 2023 – NYC
Abstract: Assessing risk in Open Source dependency use can make any security lead sweat. Projects which rarely update dependencies will be the slowest to react and remediate so-called “log4j incidents”, which is often referred to as “security debt”. Meanwhile, the risk of malicious code introduction or account takeovers in Open Source packages is not insignificant, so those who live on the cutting edge of latest versions may also be at increased risk from another angle. How can companies – especially those in highly-regulated industries like Finance – provide sensible guidance to software teams which optimizes their risk? This presentation will address the challenge from both angles – how much more at risk are projects when they fall behind in dependencies, plus how much risk is there from malicious code in Open Source? Rhys Arkins will deliver this perspective as someone responsible within Mend.io for both dependency automation solutions as well as supply chain security – scanning for malicious releases in near real-time.
Find more info about FINOS:
On the web: https://www.finos.org/
Twitter: https://twitter.com/finosfoundation
LinkedIn: https://www.linkedin.com/company/finosfoundation/
OSFF NYC: https://events.linuxfoundation.org/open-source-finance-forum-new-york/