Loading…
Back To Schedule
Tuesday, October 27 • 18:30 - 19:20
Unsolved Problems in Open Source Security - Rhys Arkins, WhiteSource

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Very few people today doubt the principles and benefits of Open Source, but you can definitely be forgiven for having concerns about its security. Some of the ways we rely on Open Source today are fundamentally flawed, yet almost never discussed - from registries hosting unsigned artifacts of unreproducible source to package managers which propagate new versions of dependencies at the earliest opportunity. It's time to identify these unsolved - and mostly undiscussed - risks, evaluate their potential impact, and determine what can be done in the Open Source community to address them. This presentation will discuss why we need reproducible builds in open source, verified artifacts, and why the majority of package managers may need a substantial change, while one in particular got it right. It will also provide some recommendations on defensive use of open source particularly for products and industries at the highest risk of software supply chain attacks.

Speakers
avatar for Rhys Arkins

Rhys Arkins

Director of Product, WhiteSource
Rhys Arkins is the Director of Product at WhiteSource, where he focuses on Develop Solutions. Rhys joined WhiteSource in 2019 through the acquisition of the company he founded, Renovate Bot - an open source tool for automating dependency updates. He is a big proponent of using automation... Read More →



Tuesday October 27, 2020 18:30 - 19:20 GMT
OS Dependability Theater