Thursday, August 29 • 3:00pm - 3:30pm
Do I need to change the OSS in my product? Making informed decisions.

Open Source software runs the world - some estimates say upwards of 90% of lines of code in products come from Open Source. While this has been a huge advantage, OSS comes with a different security debt and risk model compared to traditional software development. Every day, project leaders are making ad hoc, instinctual decisions about their projects, because they do not have the tools to be more accurate.

In this talk I will discuss the various factors that contribute to the amount of security risk introduced by third-party OSS, and discuss the factors that should go into making an informed decision about whether to keep or replace OSS in your codebase. These include past performance, the development team, release cycle, code complexity and so on. Other, real-world factors that come into play are dev team experience, alternatives, the proportion of the code used and patching possibilities.

Providing these quantifiable factors will allow better decisions to be made by all, and for the overall security debt to be better understood, and better managed.


Alex Burrage

Currently a Security Incident Response Engineer at BlackBerry, with experience in secure software development across a variety of products and environments, I have worked on the front line of developing and maintaining products that rely on Open Source Software, and seen the fall...

Thursday August 29, 2019 3:00pm - 3:30pm BST
Track 4 (Rookie)
