SlideShare a Scribd company logo

OSSF 2018 - Jamie Jones of GitHub - Pull what where? Contributing to Open Source, securely, on GitHub

FINOS
FINOS

Pull Requests? Upstream Remotes? Compact Discs? Understanding how to publish code developed inside your organization into the Open Source world can leave you with more questions than answers. In this talk, we will cover key strategies, as well as the workflows and tools that make it possible, for moving past merely consuming open source on GitHub to becoming contributors. Whether you are an IT Manager or Head of Open Source, you will walk away with tips to on how to contribute while staying compliant with legal, technical and security approvals within your organization.

Technology
1 of 41
Download to read offline
Pull What Where? Contributing to Open Source, Securely, on GitHub
✴ GitHub for over three years ✴ Previously Developer, Technical Lead & Configuration Manager with Security-conscious Federal agencies. ✴ Casual Open Source enthusiast ✴ ❤ The outdoors and landscape photos GitHub Principal Architect & Regulated Industries Solutions Lead Jamie Jones ! @jbjonesjr
Open Source Readiness Program - Regulatory Compliance WG Chair FinServ Developer Experience Program Chair - Developer Experience WG Chair
Goals • Overview of the value of open source • Understanding the different workflows used publishing code outside your organization • Understanding GitHub and integration points key for process security • Better practices for open source security • Things to think about when staying legal and compliant with open source code • Critical tools to integrate into your process
– Oliver Cooke, a financial-industry recruiter at Selby Jennings “Ten or 15 years ago, the engineers were the ones who didn’t speak to anyone and maybe seemed like they hadn’t showered that day. The traders were the ones that looked like they stepped out of a Brooks Brothers catalog,” said. “That line has basically disappeared.” – Adam Korn, Goldman Sachs “Everyone who comes to sales and trading needs to know how to code.”
OSS usage continues to grow * Evans Data Research Survey - Global Developer Survey 2017 0-49% 64.4% (13,960,231) 50-74% 27.8% (6,122,356) 75-100% 8.8% (1,935,860) Total 22,018,447 What percent of the typical app you work on is comprised of open source components? 96% What percentage of Apps include ANY open source?
Top open source organizations
23,000 Contributors 43,000 projects 350,000 contributions 26% Contributor growth YoY 40% Contribution growth YoY to totaling 2017 - Open Source in Financial Services 💰💰💰
OpenSourceWorkflows
Codeintheopen!!!! GitHub.com
Doitonyourowntime! • Process enforcement • Leadership Approvals • Security
 Pii, Dependency Checking, 
 Dirty Words, Token Scanning,
 Static and Dynamic inspection,
 ALMSS, Vulnerability tracking • Compliance & Audit GitHub.com
Okay,we’llintegrate…withaprocess • Filling out forms • Getting approvals • Waiting days (or weeks) • Burning media… lots of media • What will legal say? • Whose even investigating these things, anyway? GitHub.com
Whatifweusedaproxy? • Process enforcement • Leadership Approvals • Security
 Pii, Dependency Checking, 
 Dirty Words, Token Scanning,
 Static and Dynamic inspection,
 ALMSS, Vulnerability tracking • Compliance & Audit GitHub.com
Abetterprocess?maybe? • Filling out forms • Getting approvals • Waiting days (or weeks) • Burning media… lots of media • What will legal say? • Whose even investigating these things, anyway? GitHub.com
Wherewearegoing • Process enforcement • Leadership Approvals • Security
 Pii, Dependency Checking, 
 Dirty Words, Token Scanning,
 Static and Dynamic inspection,
 ALMSS, Vulnerability tracking • Compliance & Audit GitHub.com
Codeintheopen!!!! GitHub.com
GitHubSecurityBestPractices
VulnerabilityScanning
AlertNotification
ProtectedBranches
Enforce compliance policies with branch statuses, branch protection, required reviews and inline conflict resolution RequiredStatusChecks
Restrictaccess
CodeOwners > cat CODEOWNERS # Lines starting with '#' are comments. # Each line is a file pattern followed by one or more owners. # These owners will be the default owners for everything in the repo. * @defunkt # Order is important. The last matching pattern has the most precedence. # So if a pull request only touches javascript files, only these owners # will be requested to review. *.js @octocat @github/js # You can also use email addresses if you prefer. docs/* docs@example.com
Cleanupafteryourself
Bonus:signedcommitsforadditionalassurance
OpenSourceSecurity&ComplianceBestPractices
DependencyManagement • Dependency Management tools like • greenkeeper.io, Dependabot, Depfu, Renovate • …Or check nightly via your own custom scripts • Download, run dependency update per language spec, use diff to create patch
Containerandimagescanning • You can’t swing a dead cat without hearing about scanning solutions: • Kritis, Clair, AquaSec, Sonatype, BlackDuck, OpenSCAP • Important to remember that container scanning is not THE security process, but a piece of it
Vulnerabilitydata • While GitHub includes data from the NVD system and our own platform research, there are numerous other providers of data • Snyk • Whitesource • BlackDuck • Sonatype • All leading to… your OWN threat intelligence
Buildoften • Don’t just run builds after commits or merges, but on routine basis as well! • You never know when your bugs will appear
Static,Dynamic,andBrowserTesting!OhMy! • Static Code Analysis Tools like • SonarQube, Codacy, WhiteSource, OWASP, Fortify, Veracode, Coverity • Dynamic Code Analysis Tools like • Veracode, Selenium, OWASP ZAP
DocumentandSecurityandCompliancepolicy • We talk about what licenses we allow, but do we plan for the vulnerabilities we allow? • What about the flavor of contributor we encourage? • Are their activity requirements on the dependencies? Do they have to be active at all?
OpenSourcetoolsandIntegrations
Vulnerability tools Whitesource, Veracode, Sonatype, IonChannel, GitHub Static Code Analysis SonarQube, Selenium, Fortify, Codacy, OWASP, Coverity Dynamic Code Analysis Veracode, Selenium, OWASP ZAP Dependency Management Dependabot, greenkeeper.io, Renovate, Depfu Container Scanning Kritis, Clair, AquaSec, Sonatype, BlackDuck, OpenSCAP Vulnerability Resources Whitesource, Sonatype, Snyk, BlackDuck
OpenDeveloperPlatform
Recap • Understanding the different workflows used publishing code outside your organization • Understanding GitHub and integration points key for process security • Better practices for open source security • Things to think about when staying legal and compliant with open source code • Critical tools to integrate into your process
CodeThoughts™forOpenSourceparticipation
CodeThoughts™v1 • How are you managing a community? • Where do they exist today? How are you going to meet them there? • What happens when someone acts inappropriately? What’s your PR strategy? • Everything (EVERYTHING) in the Core Infrastructure Initiative Best Practice program
CodeThoughts™v2-Withmoresecurity • Who secures your projects? • Your internal security team? `The community`? Who is responsible for those critical fixes? But what if YOU’RE not there? • Do you even audit? • Do you have an incident response plan for severe vulnerabilities? • Where do you report? Do you? • https://github.com/envoyproxy/envoy/blob/ master/SECURITY_RELEASE_PROCESS.md
github.com/jbjonesjr/open-source-docs finosfoundation.atlassian.net/wiki/spaces/ FDX ! @jbjonesjr jbjonesjr@github.com QuestionsandAnswers?

Recommended

DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi DouglenDevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
DevSecCon
 
DevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer Levi
DevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer LeviDevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer Levi
DevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer Levi
DevSecCon
 
Sec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security Assurance
Sec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security AssuranceSec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security Assurance
Sec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security Assurance
Abdessamad TEMMAR
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
 
Avoiding GraphQL insecurities with OWASP SKF - OWASP HU meetup
Avoiding GraphQL insecurities with OWASP SKF - OWASP HU meetupAvoiding GraphQL insecurities with OWASP SKF - OWASP HU meetup
Avoiding GraphQL insecurities with OWASP SKF - OWASP HU meetup
Davide Cioccia
 
Henrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using SwaggerHenrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using Swagger
DevSecCon
 
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon
 
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya JancaDevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon
 

Recommended

DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi DouglenDevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
DevSecCon
 
DevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer Levi
DevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer LeviDevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer Levi
DevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer Levi
DevSecCon
 
Sec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security Assurance
Sec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security AssuranceSec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security Assurance
Sec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security Assurance
Abdessamad TEMMAR
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
 
Avoiding GraphQL insecurities with OWASP SKF - OWASP HU meetup
Avoiding GraphQL insecurities with OWASP SKF - OWASP HU meetupAvoiding GraphQL insecurities with OWASP SKF - OWASP HU meetup
Avoiding GraphQL insecurities with OWASP SKF - OWASP HU meetup
Davide Cioccia
 
Henrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using SwaggerHenrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using Swagger
DevSecCon
 
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon
 
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya JancaDevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon
 
DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff
DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly DavidoffDevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff
DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff
DevSecCon
 
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Black Duck by Synopsys
 
Ast in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorAst in CI/CD by Ofer Maor
Ast in CI/CD by Ofer Maor
DevSecCon
 
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
Black Duck by Synopsys
 
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsStatic Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Sonatype
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
Sonatype
 
In graph we trust: Microservices, GraphQL and security challenges
In graph we trust: Microservices, GraphQL and security challengesIn graph we trust: Microservices, GraphQL and security challenges
In graph we trust: Microservices, GraphQL and security challenges
Mohammed A. Imran
 
Best practice recommendations for utilizing open source software (from a lega...
Best practice recommendations for utilizing open source software (from a lega...Best practice recommendations for utilizing open source software (from a lega...
Best practice recommendations for utilizing open source software (from a lega...
Rogue Wave Software
 
#ATAGTR2018 Presentation " Security Testing for RESTful APIs" By Anuradha Raman
#ATAGTR2018 Presentation " Security Testing for RESTful APIs" By Anuradha Raman #ATAGTR2018 Presentation " Security Testing for RESTful APIs" By Anuradha Raman
#ATAGTR2018 Presentation " Security Testing for RESTful APIs" By Anuradha Raman
Agile Testing Alliance
 
DevSecOps: The Open Source Way
DevSecOps: The Open Source WayDevSecOps: The Open Source Way
DevSecOps: The Open Source Way
Black Duck by Synopsys
 
Matt carroll - "Security patching system packages is fun" said no-one ever
Matt carroll - "Security patching system packages is fun" said no-one everMatt carroll - "Security patching system packages is fun" said no-one ever
Matt carroll - "Security patching system packages is fun" said no-one ever
DevSecCon
 
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
Black Duck by Synopsys
 
Penetration testing must die
Penetration testing must diePenetration testing must die
Penetration testing must die
Security BSides London
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William Henry
DevSecCon
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
Node.js Module: I Choose You!
Node.js Module: I Choose You!Node.js Module: I Choose You!
Node.js Module: I Choose You!
Bethany Nicolle Griggs
 
Android lint presentation
Android lint presentationAndroid lint presentation
Android lint presentation
Sinan KOZAK
 
Open Source Compliance at Twitter
Open Source Compliance at TwitterOpen Source Compliance at Twitter
Open Source Compliance at Twitter
Chris Aniszczyk
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
Chris Gates
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon
 
Jason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional ToolsJason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional Tools
centralohioissa
 
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeOpen DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Emerasoft, solutions to collaborate
 

More Related Content

What's hot

A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
Sonatype
 
In graph we trust: Microservices, GraphQL and security challenges
In graph we trust: Microservices, GraphQL and security challengesIn graph we trust: Microservices, GraphQL and security challenges
In graph we trust: Microservices, GraphQL and security challenges
Mohammed A. Imran
 
DevSecOps: The Open Source Way
DevSecOps: The Open Source WayDevSecOps: The Open Source Way
DevSecOps: The Open Source Way
Black Duck by Synopsys
 
Matt carroll - "Security patching system packages is fun" said no-one ever
Matt carroll - "Security patching system packages is fun" said no-one everMatt carroll - "Security patching system packages is fun" said no-one ever
Matt carroll - "Security patching system packages is fun" said no-one ever
DevSecCon
 
Open Source Compliance at Twitter
Open Source Compliance at TwitterOpen Source Compliance at Twitter
Open Source Compliance at Twitter
Chris Aniszczyk
 

What's hot (20)

DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff
DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly DavidoffDevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff
DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff
 
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
 
Ast in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorAst in CI/CD by Ofer Maor
Ast in CI/CD by Ofer Maor
 
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
 
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsStatic Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin Collins
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
 
In graph we trust: Microservices, GraphQL and security challenges
In graph we trust: Microservices, GraphQL and security challengesIn graph we trust: Microservices, GraphQL and security challenges
In graph we trust: Microservices, GraphQL and security challenges
 
Best practice recommendations for utilizing open source software (from a lega...
Best practice recommendations for utilizing open source software (from a lega...Best practice recommendations for utilizing open source software (from a lega...
Best practice recommendations for utilizing open source software (from a lega...
 
#ATAGTR2018 Presentation " Security Testing for RESTful APIs" By Anuradha Raman
#ATAGTR2018 Presentation " Security Testing for RESTful APIs" By Anuradha Raman #ATAGTR2018 Presentation " Security Testing for RESTful APIs" By Anuradha Raman
#ATAGTR2018 Presentation " Security Testing for RESTful APIs" By Anuradha Raman
 
DevSecOps: The Open Source Way
DevSecOps: The Open Source WayDevSecOps: The Open Source Way
DevSecOps: The Open Source Way
 
Matt carroll - "Security patching system packages is fun" said no-one ever
Matt carroll - "Security patching system packages is fun" said no-one everMatt carroll - "Security patching system packages is fun" said no-one ever
Matt carroll - "Security patching system packages is fun" said no-one ever
 
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
 
Penetration testing must die
Penetration testing must diePenetration testing must die
Penetration testing must die
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William Henry
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
 
Node.js Module: I Choose You!
Node.js Module: I Choose You!Node.js Module: I Choose You!
Node.js Module: I Choose You!
 
Android lint presentation
Android lint presentationAndroid lint presentation
Android lint presentation
 
Open Source Compliance at Twitter
Open Source Compliance at TwitterOpen Source Compliance at Twitter
Open Source Compliance at Twitter
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney
 

Similar to OSSF 2018 - Jamie Jones of GitHub - Pull what where? Contributing to Open Source, securely, on GitHub

AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
David Lindner
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試
Secview
 
ProdSec: A Technical Approach
ProdSec: A Technical ApproachProdSec: A Technical Approach
ProdSec: A Technical Approach
Jeremy Brown
 
The Future is Here. The Future is Code.
The Future is Here. The Future is Code.The Future is Here. The Future is Code.
The Future is Here. The Future is Code.
Amazon Web Services
 
Divine and felonios cyber security devopsdays austin 2018
Divine and felonios cyber security devopsdays austin 2018Divine and felonios cyber security devopsdays austin 2018
Divine and felonios cyber security devopsdays austin 2018
John Willis
 
A question of trust - understanding Open Source risks
A question of trust - understanding Open Source risksA question of trust - understanding Open Source risks
A question of trust - understanding Open Source risks
Tim Mackey
 
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
DevOps.com
 

Similar to OSSF 2018 - Jamie Jones of GitHub - Pull what where? Contributing to Open Source, securely, on GitHub (20)

Jason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional ToolsJason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional Tools
 
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeOpen DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Aleksei Dremin - Application Security Pipeline - phdays9
Aleksei Dremin - Application Security Pipeline - phdays9Aleksei Dremin - Application Security Pipeline - phdays9
Aleksei Dremin - Application Security Pipeline - phdays9
 
Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試
 
ProdSec: A Technical Approach
ProdSec: A Technical ApproachProdSec: A Technical Approach
ProdSec: A Technical Approach
 
The Future is Here. The Future is Code.
The Future is Here. The Future is Code.The Future is Here. The Future is Code.
The Future is Here. The Future is Code.
 
Divine and felonios cyber security devopsdays austin 2018
Divine and felonios cyber security devopsdays austin 2018Divine and felonios cyber security devopsdays austin 2018
Divine and felonios cyber security devopsdays austin 2018
 
Code Quality - Security
Code Quality - SecurityCode Quality - Security
Code Quality - Security
 
A question of trust - understanding Open Source risks
A question of trust - understanding Open Source risksA question of trust - understanding Open Source risks
A question of trust - understanding Open Source risks
 
ShiftGearsWithInformationSecurity.pdf
ShiftGearsWithInformationSecurity.pdfShiftGearsWithInformationSecurity.pdf
ShiftGearsWithInformationSecurity.pdf
 
Static Code Analysis
Static Code AnalysisStatic Code Analysis
Static Code Analysis
 
DEEPSEC 2013: Malware Datamining And Attribution
DEEPSEC 2013: Malware Datamining And AttributionDEEPSEC 2013: Malware Datamining And Attribution
DEEPSEC 2013: Malware Datamining And Attribution
 
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
 
Getting Ahead of Delivery Issues with Deep SDLC Analysis by Donald Belcham
Getting Ahead of Delivery Issues with Deep SDLC Analysis by Donald BelchamGetting Ahead of Delivery Issues with Deep SDLC Analysis by Donald Belcham
Getting Ahead of Delivery Issues with Deep SDLC Analysis by Donald Belcham
 
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptxThe Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
 
Open Source Security and ChatGPT-Published.pdf
Open Source Security and ChatGPT-Published.pdfOpen Source Security and ChatGPT-Published.pdf
Open Source Security and ChatGPT-Published.pdf
 
Donu’t Let Vulnerabilities Create a Hole in Your Organization
Donu’t Let Vulnerabilities Create a Hole in Your OrganizationDonu’t Let Vulnerabilities Create a Hole in Your Organization
Donu’t Let Vulnerabilities Create a Hole in Your Organization
 
Commodity malware means YOU
Commodity malware means YOUCommodity malware means YOU
Commodity malware means YOU
 

More from FINOS

OSSF 2018 - Steve Helvie of the Open Compute Network - Rethinking Infrastruct...
OSSF 2018 - Steve Helvie of the Open Compute Network - Rethinking Infrastruct...OSSF 2018 - Steve Helvie of the Open Compute Network - Rethinking Infrastruct...
OSSF 2018 - Steve Helvie of the Open Compute Network - Rethinking Infrastruct...
FINOS
 
OSSF 2018 - Stefan Just of Codescoop - OSCAR - a new approach to Software Com...
OSSF 2018 - Stefan Just of Codescoop - OSCAR - a new approach to Software Com...OSSF 2018 - Stefan Just of Codescoop - OSCAR - a new approach to Software Com...
OSSF 2018 - Stefan Just of Codescoop - OSCAR - a new approach to Software Com...
FINOS
 
OSSF 2018 - Matt Barrett of Adaptive - Open sourcing a bank's software: exact...
OSSF 2018 - Matt Barrett of Adaptive - Open sourcing a bank's software: exact...OSSF 2018 - Matt Barrett of Adaptive - Open sourcing a bank's software: exact...
OSSF 2018 - Matt Barrett of Adaptive - Open sourcing a bank's software: exact...
FINOS
 
OSSF 2018 - Overcoming Compliance Barriers to Open Source Collaboration Infra...
OSSF 2018 - Overcoming Compliance Barriers to Open Source Collaboration Infra...OSSF 2018 - Overcoming Compliance Barriers to Open Source Collaboration Infra...
OSSF 2018 - Overcoming Compliance Barriers to Open Source Collaboration Infra...
FINOS
 
OSSF 2018 - Jeff Luszcz of Flexera - Day 2 - Open Source Culture, Standards, ...
OSSF 2018 - Jeff Luszcz of Flexera - Day 2 - Open Source Culture, Standards, ...OSSF 2018 - Jeff Luszcz of Flexera - Day 2 - Open Source Culture, Standards, ...
OSSF 2018 - Jeff Luszcz of Flexera - Day 2 - Open Source Culture, Standards, ...
FINOS
 
OSSF 2018 - Jeff Luszcz of Flexera - Common Open Source Intake Issues and How...
OSSF 2018 - Jeff Luszcz of Flexera - Common Open Source Intake Issues and How...OSSF 2018 - Jeff Luszcz of Flexera - Common Open Source Intake Issues and How...
OSSF 2018 - Jeff Luszcz of Flexera - Common Open Source Intake Issues and How...
FINOS
 
OSSF 2018 - Greg Olson of Open Source Sense - Building Mission- and Business-...
OSSF 2018 - Greg Olson of Open Source Sense - Building Mission- and Business-...OSSF 2018 - Greg Olson of Open Source Sense - Building Mission- and Business-...
OSSF 2018 - Greg Olson of Open Source Sense - Building Mission- and Business-...
FINOS
 
OSSF 2018 - David Kappos of Cravath, Swaine & Moore - Accounting for Patents ...
OSSF 2018 - David Kappos of Cravath, Swaine & Moore - Accounting for Patents ...OSSF 2018 - David Kappos of Cravath, Swaine & Moore - Accounting for Patents ...
OSSF 2018 - David Kappos of Cravath, Swaine & Moore - Accounting for Patents ...
FINOS
 
OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101
OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101
OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101
FINOS
 
OSSF 2018 - Daniel Izquierdo of Bitergia / InnerSource Commons - Starting wit...
OSSF 2018 - Daniel Izquierdo of Bitergia / InnerSource Commons - Starting wit...OSSF 2018 - Daniel Izquierdo of Bitergia / InnerSource Commons - Starting wit...
OSSF 2018 - Daniel Izquierdo of Bitergia / InnerSource Commons - Starting wit...
FINOS
 
OSSF 2018 - Danese Cooper of NearForm - Getting the most out of Open Source i...
OSSF 2018 - Danese Cooper of NearForm - Getting the most out of Open Source i...OSSF 2018 - Danese Cooper of NearForm - Getting the most out of Open Source i...
OSSF 2018 - Danese Cooper of NearForm - Getting the most out of Open Source i...
FINOS
 
OSSF 2018 - Colin Charles of GrokOpen - Community vs. enterprise how not to ...
OSSF 2018 - Colin Charles of GrokOpen - Community vs. enterprise how not to ...OSSF 2018 - Colin Charles of GrokOpen - Community vs. enterprise how not to ...
OSSF 2018 - Colin Charles of GrokOpen - Community vs. enterprise how not to ...
FINOS
 
OSSF 2018 - Andrew Katz of Moorcrofts - OpenChain: a Tested Framework for Ope...
OSSF 2018 - Andrew Katz of Moorcrofts - OpenChain: a Tested Framework for Ope...OSSF 2018 - Andrew Katz of Moorcrofts - OpenChain: a Tested Framework for Ope...
OSSF 2018 - Andrew Katz of Moorcrofts - OpenChain: a Tested Framework for Ope...
FINOS
 

More from FINOS (20)

2019-03 - An introduction to FINOS
2019-03 - An introduction to FINOS2019-03 - An introduction to FINOS
2019-03 - An introduction to FINOS
 
OSSF 2018 - Peter Crocker of Cumulus Networks - TCO and technical advantages ...
OSSF 2018 - Peter Crocker of Cumulus Networks - TCO and technical advantages ...OSSF 2018 - Peter Crocker of Cumulus Networks - TCO and technical advantages ...
OSSF 2018 - Peter Crocker of Cumulus Networks - TCO and technical advantages ...
 
OSSF 2018 - Steve Helvie of the Open Compute Network - Rethinking Infrastruct...
OSSF 2018 - Steve Helvie of the Open Compute Network - Rethinking Infrastruct...OSSF 2018 - Steve Helvie of the Open Compute Network - Rethinking Infrastruct...
OSSF 2018 - Steve Helvie of the Open Compute Network - Rethinking Infrastruct...
 
OSSF 2018 - Stefan Just of Codescoop - OSCAR - a new approach to Software Com...
OSSF 2018 - Stefan Just of Codescoop - OSCAR - a new approach to Software Com...OSSF 2018 - Stefan Just of Codescoop - OSCAR - a new approach to Software Com...
OSSF 2018 - Stefan Just of Codescoop - OSCAR - a new approach to Software Com...
 
OSSF 2018 - Nick Kolba of OpenFin - FDC3 and the Legacy of Web Intents
OSSF 2018 - Nick Kolba of OpenFin - FDC3 and the Legacy of Web IntentsOSSF 2018 - Nick Kolba of OpenFin - FDC3 and the Legacy of Web Intents
OSSF 2018 - Nick Kolba of OpenFin - FDC3 and the Legacy of Web Intents
 
OSSF 2018 - Matt Barrett of Adaptive - Open sourcing a bank's software: exact...
OSSF 2018 - Matt Barrett of Adaptive - Open sourcing a bank's software: exact...OSSF 2018 - Matt Barrett of Adaptive - Open sourcing a bank's software: exact...
OSSF 2018 - Matt Barrett of Adaptive - Open sourcing a bank's software: exact...
 
OSSF 2018 - Overcoming Compliance Barriers to Open Source Collaboration Infra...
OSSF 2018 - Overcoming Compliance Barriers to Open Source Collaboration Infra...OSSF 2018 - Overcoming Compliance Barriers to Open Source Collaboration Infra...
OSSF 2018 - Overcoming Compliance Barriers to Open Source Collaboration Infra...
 
OSSF 2018 - Jilayne Lovejoy - Training: Intro to Open Source
OSSF 2018 - Jilayne Lovejoy - Training: Intro to Open SourceOSSF 2018 - Jilayne Lovejoy - Training: Intro to Open Source
OSSF 2018 - Jilayne Lovejoy - Training: Intro to Open Source
 
OSSF 2018 - Jeff Luszcz of Flexera - Day 2 - Open Source Culture, Standards, ...
OSSF 2018 - Jeff Luszcz of Flexera - Day 2 - Open Source Culture, Standards, ...OSSF 2018 - Jeff Luszcz of Flexera - Day 2 - Open Source Culture, Standards, ...
OSSF 2018 - Jeff Luszcz of Flexera - Day 2 - Open Source Culture, Standards, ...
 
OSSF 2018 - Jeff Luszcz of Flexera - Common Open Source Intake Issues and How...
OSSF 2018 - Jeff Luszcz of Flexera - Common Open Source Intake Issues and How...OSSF 2018 - Jeff Luszcz of Flexera - Common Open Source Intake Issues and How...
OSSF 2018 - Jeff Luszcz of Flexera - Common Open Source Intake Issues and How...
 
OSSF 2018 - Jared Broad of QuantConnect - Motivations and Business Goals for ...
OSSF 2018 - Jared Broad of QuantConnect - Motivations and Business Goals for ...OSSF 2018 - Jared Broad of QuantConnect - Motivations and Business Goals for ...
OSSF 2018 - Jared Broad of QuantConnect - Motivations and Business Goals for ...
 
OSSF 2018 - Greg Olson of Open Source Sense - Building Mission- and Business-...
OSSF 2018 - Greg Olson of Open Source Sense - Building Mission- and Business-...OSSF 2018 - Greg Olson of Open Source Sense - Building Mission- and Business-...
OSSF 2018 - Greg Olson of Open Source Sense - Building Mission- and Business-...
 
OSSF 2018 - Dawn Foster of Pivotal - Open Source Collaboration: Finding the R...
OSSF 2018 - Dawn Foster of Pivotal - Open Source Collaboration: Finding the R...OSSF 2018 - Dawn Foster of Pivotal - Open Source Collaboration: Finding the R...
OSSF 2018 - Dawn Foster of Pivotal - Open Source Collaboration: Finding the R...
 
OSSF 2018 - David Kappos of Cravath, Swaine & Moore - Accounting for Patents ...
OSSF 2018 - David Kappos of Cravath, Swaine & Moore - Accounting for Patents ...OSSF 2018 - David Kappos of Cravath, Swaine & Moore - Accounting for Patents ...
OSSF 2018 - David Kappos of Cravath, Swaine & Moore - Accounting for Patents ...
 
OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101
OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101
OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101
 
OSSF 2018 - Daniel Izquierdo of Bitergia / InnerSource Commons - Starting wit...
OSSF 2018 - Daniel Izquierdo of Bitergia / InnerSource Commons - Starting wit...OSSF 2018 - Daniel Izquierdo of Bitergia / InnerSource Commons - Starting wit...
OSSF 2018 - Daniel Izquierdo of Bitergia / InnerSource Commons - Starting wit...
 
OSSF 2018 - Danese Cooper of NearForm - Getting the most out of Open Source i...
OSSF 2018 - Danese Cooper of NearForm - Getting the most out of Open Source i...OSSF 2018 - Danese Cooper of NearForm - Getting the most out of Open Source i...
OSSF 2018 - Danese Cooper of NearForm - Getting the most out of Open Source i...
 
OSSF 2018 - Colin Charles of GrokOpen - Community vs. enterprise how not to ...
OSSF 2018 - Colin Charles of GrokOpen - Community vs. enterprise how not to ...OSSF 2018 - Colin Charles of GrokOpen - Community vs. enterprise how not to ...
OSSF 2018 - Colin Charles of GrokOpen - Community vs. enterprise how not to ...
 
OSSF 2018 - Andrew Katz of Moorcrofts - OpenChain: a Tested Framework for Ope...
OSSF 2018 - Andrew Katz of Moorcrofts - OpenChain: a Tested Framework for Ope...OSSF 2018 - Andrew Katz of Moorcrofts - OpenChain: a Tested Framework for Ope...
OSSF 2018 - Andrew Katz of Moorcrofts - OpenChain: a Tested Framework for Ope...
 
OSSF 2018 - Amanda Brock of The Open Invention Network - Open Source Audits
OSSF 2018 - Amanda Brock of The Open Invention Network - Open Source AuditsOSSF 2018 - Amanda Brock of The Open Invention Network - Open Source Audits
OSSF 2018 - Amanda Brock of The Open Invention Network - Open Source Audits
 

Recently uploaded

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 

OSSF 2018 - Jamie Jones of GitHub - Pull what where? Contributing to Open Source, securely, on GitHub