August 19-21 - Co-Located Events
August 21-23 - Conference
Hilton San Diego Bayfront - San Diego, CA
More information for Open Source Summit + Embedded Linux Conference North America 2019
Back To Schedule
Friday, August 23 • 12:20pm - 12:55pm
Don’t Ignore Those GitHub Security Alerts. Automate Them Into your Workflow. - Ashley Wolf & Gil Yehuda, Verizon Media

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Open source projects are vulnerable to exploits just like any code is. Recent high-profile vulnerabilities in open source code, including Moment.js, Lodash, and PostgreSQL, have highlighted the importance of code quality that can impact the security of open source code in production. GitHub recently made security vulnerability information available for your projects on GitHub. How can you connect the dots to make your use of open source secure?

This talk will highlight some best practices that your Open Source Program Office (OSPO) can use to manage security vulnerabilities for open source projects using GitHub’s security alerts at scale. We’ll discuss the mechanics and governance around the process we’ve set up at Verizon Media to notify internal employees about CVEs on their projects.

avatar for Gil Yehuda

Gil Yehuda

Sr. Director of Open Source, Verizon Media
Gil Yehuda runs the open source program at Verizon Media, a division of Verizon composed of Yahoo, AOL, and many other internet brands. Gil has been a strong and vocal advocate for open source for many years and is a member of the TODO group. Previously, he was an analyst at Forrester... Read More →
avatar for Ashley Wolf

Ashley Wolf

Open Source Program Manager, Verizon Media
Ashley manages Verizon Media’s open source program and is product owner of Yahoo Developer Network. She's a passionate developer advocate and community-builder who regularly engages with technical audiences through blogs, podcasts, and presentations.

Friday August 23, 2019 12:20pm - 12:55pm PDT
Aqua Salon C
  Security & Safety
  • Session Recorded Yes