OSS Supply Chain Security and How to Help Your Overburdened Dev Team – SlashdotMedia AdOps Asset Management

OSS Supply Chain Security and How to Help Your Overburdened Dev Team

In this Upstream chat, Tracy Bannon from MITRE joined us to discuss why it took so long, what is happening now that will help organizations positively impact their own security preparedness, and how we can bring forward good ideas and warnings in the future.

She discussed how to talk about risk profile and ways organizations can force-rank priorities. She also discussed why it’s important to reduce cognitive load on the development teams and why it’s important to offload some tasks onto trusted vendors.

Tidelift CEO and co-founder Donald Fischer then joined the discussion and explained how all this applies to open source software specifically. Donald and Tracy discussed the recently disclosed security vulnerability in the Apache log4j project, which has been dubbed “Log4Shell”, why it’s important to address quickly, how to address it, and how to better prepare for future vulnerabilities. You won't want to miss this.

Start Here
I understand that by clicking the button below I agree to receive quotes, newsletters and other information from Tidelift, sourceforge.net and its partners regarding business software, IT services and related products. I understand that I can withdraw my consent at anytime. I understand by clicking on the green button below I am agreeing to the SourceForge Terms of Use and the Privacy Policy which describe how we use and share your data. Please refer to our Contact Us page for more details.