Before It's Out The Door: Securing Outbound Open Source

•

0 likes•52 views

When your organization decides it is time to release part of your codebase as open source software it is important to consider security implications for your internal stakeholders as well as downstream users of your project. After the release of your project to the public, you have a responsibility to actively monitor and maintain your code. In this talk we will explore how to prepare your code and organize your project to ensure that security is baked in from the first release and that you lay the foundation for ensuring all stakeholders remain secure throughout the entirety of the project's lifecycle. Participants will learn how to build and improve their outbound open source security processes with initial and ongoing governance and security processes. We will also discuss planning for responsible disclosure, securing related infrastructure and documentation, as well as end of life and end of support considerations for your open source project. View Sample Policies and Template at: https://github.com/erichgoldman/outbound-open-source-policy

•
•
•

•
•
•
•

•
•
•
•
•
•
•
•
•

•
•
•
•
•

•
•
•
•
•

•
•
•
•
•

•
•
•
•
•
•
•
•
•
•

• →
•
•
•
•
•
•
•
•

•
•
•
•
•
•

•
•
•
•
•
•

•
•
•
•
•
•
•

•
•
•
•
•
•
•

•
•
•
•
•

•
•
•
•
•

•
•
•
•
•

•
•
•
•

Before It's Out The Door: Securing Outbound Open Source

Recommended

Apple - Technical SEO - 19/12/2019

Apple - Technical SEO - 19/12/2019

Apple - Technical SEO - 19/12/2019Nick Samuel

Is a Water Quality Trading Program Right for Your Facility?

Is a Water Quality Trading Program Right for Your Facility?

Is a Water Quality Trading Program Right for Your Facility?The Freshwater Trust

Inspire Global Partner Conference 2018 - News from Partnership & Marketing Ma...

Inspire Global Partner Conference 2018 - News from Partnership & Marketing Ma...

Inspire Global Partner Conference 2018 - News from Partnership & Marketing Ma...Pimcore

Conventions of a music video

Conventions of a music video

Conventions of a music videociaraferreira

Pivoting to Become More Relevant During and Post-COVID-19

Pivoting to Become More Relevant During and Post-COVID-19

Pivoting to Become More Relevant During and Post-COVID-19Elizabeth (Liz) Ngonzi

Fragmented Data, One Source of Truth: Why Datorama is Changing B2B

Fragmented Data, One Source of Truth: Why Datorama is Changing B2B

Fragmented Data, One Source of Truth: Why Datorama is Changing B2BPerficient, Inc.

Product research presentation

Product research presentation

Product research presentationBryan Anthony Miso

Stainless steel pipes grades

Stainless steel pipes grades

Stainless steel pipes gradesaspirinox

Recommended

Apple - Technical SEO - 19/12/2019

Apple - Technical SEO - 19/12/2019

Apple - Technical SEO - 19/12/2019Nick Samuel

Is a Water Quality Trading Program Right for Your Facility?

Is a Water Quality Trading Program Right for Your Facility?

Is a Water Quality Trading Program Right for Your Facility?The Freshwater Trust

Inspire Global Partner Conference 2018 - News from Partnership & Marketing Ma...

Inspire Global Partner Conference 2018 - News from Partnership & Marketing Ma...

Inspire Global Partner Conference 2018 - News from Partnership & Marketing Ma...Pimcore

Conventions of a music video

Conventions of a music video

Conventions of a music videociaraferreira

Pivoting to Become More Relevant During and Post-COVID-19

Pivoting to Become More Relevant During and Post-COVID-19

Pivoting to Become More Relevant During and Post-COVID-19Elizabeth (Liz) Ngonzi

Fragmented Data, One Source of Truth: Why Datorama is Changing B2B

Fragmented Data, One Source of Truth: Why Datorama is Changing B2B

Fragmented Data, One Source of Truth: Why Datorama is Changing B2BPerficient, Inc.

Product research presentation

Product research presentation

Product research presentationBryan Anthony Miso

Stainless steel pipes grades

Stainless steel pipes grades

Stainless steel pipes gradesaspirinox

Vacature Product Manager Energy

Vacature Product Manager Energy

Vacature Product Manager Energyfifthplay

Generation Y - Marketing Class Presentation

Generation Y - Marketing Class Presentation

Generation Y - Marketing Class PresentationJeremy McQuigge

Android Architecture Components

Android Architecture Components

Android Architecture ComponentsHenna Singh

Performance Display: Delivering Results

Performance Display: Delivering Results

Performance Display: Delivering Results SiteVisibility

Selecting corporate bonds with the portfolio software Exante Corporate

Selecting corporate bonds with the portfolio software Exante Corporate

Selecting corporate bonds with the portfolio software Exante CorporateDiaman Tech S.r.l.

E types dilemma coursera strategic management

E types dilemma coursera strategic management

E types dilemma coursera strategic managementSHLOKRATNAPARKHI

Pdhpe rationale

Pdhpe rationale

Pdhpe rationaleHajar13

Open, close, inform, protect

Open, close, inform, protect

Open, close, inform, protectKay Knowles ACIM

Stott and May Company Overview 2015

Stott and May Company Overview 2015

Stott and May Company Overview 2015Madina Maglione

Cordoba province turismo

Cordoba province turismo

Cordoba province turismomarialujanrivera

Boomerang Firsatkapp Genel Sunum 151111

Boomerang Firsatkapp Genel Sunum 151111

Boomerang Firsatkapp Genel Sunum 151111Cagil Yuzer

Video Channel Demonstrating Hydroponic Troughs as Year-round Sustainable Stra...

Video Channel Demonstrating Hydroponic Troughs as Year-round Sustainable Stra...

Video Channel Demonstrating Hydroponic Troughs as Year-round Sustainable Stra...sberries

storybook mi-- goldielocks THIS ONE

storybook mi-- goldielocks THIS ONE

storybook mi-- goldielocks THIS ONEspencerpachta

KnowCrunch - Fashion Event Plan & Budget - Team 1

KnowCrunch - Fashion Event Plan & Budget - Team 1

KnowCrunch - Fashion Event Plan & Budget - Team 1Knowcrunch

Search 101Joses Sacilioc

Lead at NY Fashion Week 2.10 2.11

Lead at NY Fashion Week 2.10 2.11

Lead at NY Fashion Week 2.10 2.11ChristinaElezaj

IoT & BPM presentation IRM conference EA & BPM 2016

IoT & BPM presentation IRM conference EA & BPM 2016

IoT & BPM presentation IRM conference EA & BPM 2016PNMsoft iBPMS

Cuestionario a _circulatorio

Cuestionario a _circulatorio

Cuestionario a _circulatorio342amorillo

Keep the Licking Valley Fireworks: The Story Behind the 30-in-15 Raffle

Keep the Licking Valley Fireworks: The Story Behind the 30-in-15 Raffle

Keep the Licking Valley Fireworks: The Story Behind the 30-in-15 RaffleDerekStein

UKBAA Effective Investor Workshop at Engine Shed

UKBAA Effective Investor Workshop at Engine Shed

UKBAA Effective Investor Workshop at Engine ShedBriony Phillips

Auditing web servers for HIPAA compliance - §164.312(a)(1)

Auditing web servers for HIPAA compliance - §164.312(a)(1)

Auditing web servers for HIPAA compliance - §164.312(a)(1)Eric Goldman

Fair Information Practices: Overview and Application to the Omnibus Approach

Fair Information Practices: Overview and Application to the Omnibus Approach

Fair Information Practices: Overview and Application to the Omnibus ApproachEric Goldman

More Related Content

What's hot

Vacature Product Manager Energy

Vacature Product Manager Energy

Vacature Product Manager Energyfifthplay

Generation Y - Marketing Class Presentation

Generation Y - Marketing Class Presentation

Generation Y - Marketing Class PresentationJeremy McQuigge

Android Architecture Components

Android Architecture Components

Android Architecture ComponentsHenna Singh

Performance Display: Delivering Results

Performance Display: Delivering Results

Performance Display: Delivering Results SiteVisibility

Selecting corporate bonds with the portfolio software Exante Corporate

Selecting corporate bonds with the portfolio software Exante Corporate

Selecting corporate bonds with the portfolio software Exante CorporateDiaman Tech S.r.l.

E types dilemma coursera strategic management

E types dilemma coursera strategic management

E types dilemma coursera strategic managementSHLOKRATNAPARKHI

Pdhpe rationale

Pdhpe rationale

Pdhpe rationaleHajar13

Open, close, inform, protect

Open, close, inform, protect

Open, close, inform, protectKay Knowles ACIM

Stott and May Company Overview 2015

Stott and May Company Overview 2015

Stott and May Company Overview 2015Madina Maglione

Cordoba province turismo

Cordoba province turismo

Cordoba province turismomarialujanrivera

Boomerang Firsatkapp Genel Sunum 151111

Boomerang Firsatkapp Genel Sunum 151111

Boomerang Firsatkapp Genel Sunum 151111Cagil Yuzer

Video Channel Demonstrating Hydroponic Troughs as Year-round Sustainable Stra...

Video Channel Demonstrating Hydroponic Troughs as Year-round Sustainable Stra...

Video Channel Demonstrating Hydroponic Troughs as Year-round Sustainable Stra...sberries

storybook mi-- goldielocks THIS ONE

storybook mi-- goldielocks THIS ONE

storybook mi-- goldielocks THIS ONEspencerpachta

KnowCrunch - Fashion Event Plan & Budget - Team 1

KnowCrunch - Fashion Event Plan & Budget - Team 1

KnowCrunch - Fashion Event Plan & Budget - Team 1Knowcrunch

Search 101Joses Sacilioc

Lead at NY Fashion Week 2.10 2.11

Lead at NY Fashion Week 2.10 2.11

Lead at NY Fashion Week 2.10 2.11ChristinaElezaj

IoT & BPM presentation IRM conference EA & BPM 2016

IoT & BPM presentation IRM conference EA & BPM 2016

IoT & BPM presentation IRM conference EA & BPM 2016PNMsoft iBPMS

Cuestionario a _circulatorio

Cuestionario a _circulatorio

Cuestionario a _circulatorio342amorillo

Keep the Licking Valley Fireworks: The Story Behind the 30-in-15 Raffle

Keep the Licking Valley Fireworks: The Story Behind the 30-in-15 Raffle

Keep the Licking Valley Fireworks: The Story Behind the 30-in-15 RaffleDerekStein

UKBAA Effective Investor Workshop at Engine Shed

UKBAA Effective Investor Workshop at Engine Shed

UKBAA Effective Investor Workshop at Engine ShedBriony Phillips

What's hot (20)

Vacature Product Manager Energy

Vacature Product Manager Energy

Vacature Product Manager Energy

Generation Y - Marketing Class Presentation

Generation Y - Marketing Class Presentation

Generation Y - Marketing Class Presentation

Android Architecture Components

Android Architecture Components

Android Architecture Components

Performance Display: Delivering Results

Performance Display: Delivering Results

Performance Display: Delivering Results

Selecting corporate bonds with the portfolio software Exante Corporate

Selecting corporate bonds with the portfolio software Exante Corporate

Selecting corporate bonds with the portfolio software Exante Corporate

E types dilemma coursera strategic management

E types dilemma coursera strategic management

E types dilemma coursera strategic management

Pdhpe rationale

Pdhpe rationale

Pdhpe rationale

Open, close, inform, protect

Open, close, inform, protect

Open, close, inform, protect

Stott and May Company Overview 2015

Stott and May Company Overview 2015

Stott and May Company Overview 2015

Cordoba province turismo

Cordoba province turismo

Cordoba province turismo

Boomerang Firsatkapp Genel Sunum 151111

Boomerang Firsatkapp Genel Sunum 151111

Boomerang Firsatkapp Genel Sunum 151111

Video Channel Demonstrating Hydroponic Troughs as Year-round Sustainable Stra...

Video Channel Demonstrating Hydroponic Troughs as Year-round Sustainable Stra...

Video Channel Demonstrating Hydroponic Troughs as Year-round Sustainable Stra...

storybook mi-- goldielocks THIS ONE

storybook mi-- goldielocks THIS ONE

storybook mi-- goldielocks THIS ONE

KnowCrunch - Fashion Event Plan & Budget - Team 1

KnowCrunch - Fashion Event Plan & Budget - Team 1

KnowCrunch - Fashion Event Plan & Budget - Team 1

Search 101

Lead at NY Fashion Week 2.10 2.11

Lead at NY Fashion Week 2.10 2.11

Lead at NY Fashion Week 2.10 2.11

IoT & BPM presentation IRM conference EA & BPM 2016

IoT & BPM presentation IRM conference EA & BPM 2016

IoT & BPM presentation IRM conference EA & BPM 2016

Cuestionario a _circulatorio

Cuestionario a _circulatorio

Cuestionario a _circulatorio

Keep the Licking Valley Fireworks: The Story Behind the 30-in-15 Raffle

Keep the Licking Valley Fireworks: The Story Behind the 30-in-15 Raffle

Keep the Licking Valley Fireworks: The Story Behind the 30-in-15 Raffle

UKBAA Effective Investor Workshop at Engine Shed

UKBAA Effective Investor Workshop at Engine Shed

UKBAA Effective Investor Workshop at Engine Shed

More from Eric Goldman

Auditing web servers for HIPAA compliance - §164.312(a)(1)

Auditing web servers for HIPAA compliance - §164.312(a)(1)

Auditing web servers for HIPAA compliance - §164.312(a)(1)Eric Goldman

Fair Information Practices: Overview and Application to the Omnibus Approach

Fair Information Practices: Overview and Application to the Omnibus Approach

Fair Information Practices: Overview and Application to the Omnibus ApproachEric Goldman

Evil Twin Demonstration

Evil Twin Demonstration

Evil Twin DemonstrationEric Goldman

AP Takeover Attacks

AP Takeover Attacks

AP Takeover AttacksEric Goldman

Introduction to WiMAX

Introduction to WiMAX

Introduction to WiMAXEric Goldman

Evolution Of The Public Network

Evolution Of The Public Network

Evolution Of The Public NetworkEric Goldman

More from Eric Goldman (6)

Auditing web servers for HIPAA compliance - §164.312(a)(1)

Auditing web servers for HIPAA compliance - §164.312(a)(1)

Auditing web servers for HIPAA compliance - §164.312(a)(1)

Fair Information Practices: Overview and Application to the Omnibus Approach

Fair Information Practices: Overview and Application to the Omnibus Approach

Fair Information Practices: Overview and Application to the Omnibus Approach

Evil Twin Demonstration

Evil Twin Demonstration

Evil Twin Demonstration

AP Takeover Attacks

AP Takeover Attacks

AP Takeover Attacks

Introduction to WiMAX

Introduction to WiMAX

Introduction to WiMAX

Evolution Of The Public Network

Evolution Of The Public Network

Evolution Of The Public Network

Recently uploaded

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j

Bluetooth Controlled Car with Arduino.pdf

Bluetooth Controlled Car with Arduino.pdf

Bluetooth Controlled Car with Arduino.pdfngoud9212

Understanding the Laravel MVC Architecture

Understanding the Laravel MVC Architecture

Understanding the Laravel MVC ArchitecturePixlogix Infotech

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads

Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada

AI as an Interface for Commercial Buildings

AI as an Interface for Commercial Buildings

AI as an Interface for Commercial BuildingsMemoori

APIForce Zurich 5 April Automation LPDG

APIForce Zurich 5 April Automation LPDG

APIForce Zurich 5 April Automation LPDGMarianaLemus7

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited

My INSURER PTE LTD - Insurtech Innovation Award 2024

My INSURER PTE LTD - Insurtech Innovation Award 2024

My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer

My Hashitalk Indonesia April 2024 Presentation

My Hashitalk Indonesia April 2024 Presentation

My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar

Streamlining Python Development: A Guide to a Modern Project Setup

Streamlining Python Development: A Guide to a Modern Project Setup

Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm

Scanning the Internet for External Cloud Exposures via SSL Certs

Scanning the Internet for External Cloud Exposures via SSL Certs

Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed

New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024

New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024

New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada

The transition to renewables in India.pdf

The transition to renewables in India.pdf

The transition to renewables in India.pdfCompetition Advisory Services (India) LLP

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada

Pigging Solutions Piggable Sweeping Elbows

Pigging Solutions Piggable Sweeping Elbows

Pigging Solutions Piggable Sweeping ElbowsPigging Solutions

Science&tech:THE INFORMATION AGE STS.pdf

Science&tech:THE INFORMATION AGE STS.pdf

Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida

Advanced Test Driven-Development @ php[tek] 2024

Advanced Test Driven-Development @ php[tek] 2024

Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada

Recently uploaded (20)

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

Bluetooth Controlled Car with Arduino.pdf

Bluetooth Controlled Car with Arduino.pdf

Bluetooth Controlled Car with Arduino.pdf

Understanding the Laravel MVC Architecture

Understanding the Laravel MVC Architecture

Understanding the Laravel MVC Architecture

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

AI as an Interface for Commercial Buildings

AI as an Interface for Commercial Buildings

AI as an Interface for Commercial Buildings

APIForce Zurich 5 April Automation LPDG

APIForce Zurich 5 April Automation LPDG

APIForce Zurich 5 April Automation LPDG

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

My INSURER PTE LTD - Insurtech Innovation Award 2024

My INSURER PTE LTD - Insurtech Innovation Award 2024

My INSURER PTE LTD - Insurtech Innovation Award 2024

My Hashitalk Indonesia April 2024 Presentation

My Hashitalk Indonesia April 2024 Presentation

My Hashitalk Indonesia April 2024 Presentation

Streamlining Python Development: A Guide to a Modern Project Setup

Streamlining Python Development: A Guide to a Modern Project Setup

Streamlining Python Development: A Guide to a Modern Project Setup

Scanning the Internet for External Cloud Exposures via SSL Certs

Scanning the Internet for External Cloud Exposures via SSL Certs

Scanning the Internet for External Cloud Exposures via SSL Certs

New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024

New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024

New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024

The transition to renewables in India.pdf

The transition to renewables in India.pdf

The transition to renewables in India.pdf

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024

Pigging Solutions Piggable Sweeping Elbows

Pigging Solutions Piggable Sweeping Elbows

Pigging Solutions Piggable Sweeping Elbows

Science&tech:THE INFORMATION AGE STS.pdf

Science&tech:THE INFORMATION AGE STS.pdf

Science&tech:THE INFORMATION AGE STS.pdf

Advanced Test Driven-Development @ php[tek] 2024

Advanced Test Driven-Development @ php[tek] 2024

Advanced Test Driven-Development @ php[tek] 2024

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

Before It's Out The Door: Securing Outbound Open Source

1.

2.

3.

5. • • • •

6. • • • • • • • • •

7.

8. • • • • •

9. • • • • •

10. • • • • •

11.

12. • • • • • • • • • •

13. • → • • • • • • • •

14. • • • • • •

15.

16. • • • • • •

17. • • • • • • •

18. • • • • • • •

19.

20. • • • • •

21. • • • • •

22. • • • • •

23. • • • •