OpenJS World Keynote Fireside Chat: JavaScript Security

By July 28, 2020Blog, OpenJS World

During the OpenJS Foundation global conference, OpenJS World, we heard from many inspiring leaders. In this keynote series, we will highlight the key points from the keynote videos. 

In a recent Keynote Fireside Chat, three security experts discussed how open source software, such as JavaScript, is utilized in critical infrastructure and medical devices. Appropriate open source security helps improve cybersecurity and the safety of medical patients. The panel was moderated by Michael Dawson, IBM Community Lead for Node.js. Jessica Wilkerson, a Cyber Policy Advisor for the Food and Drug Administration (FDA), and Adam Baldwin, Sr. Product Manager at GitHub, joined the call to provide their perspectives on JavaScript security.   

Wilkerson started the talk by explaining how open source software has made its way into critical services used by the FDA, including medical devices. The prevalence of open source software, such as JavaScript, requires a more careful consideration of security risks and vulnerabilities. For example, medical devices are submitted with a list of software they are built with, and it is important for developers to understand vulnerabilities in the packages they use — the responsibility does not fall solely on the maintainers. 

All members agreed that in order to make JavaScript more secure it is important for maintainers and bug reporters to work together to solve security issues. When a bug is difficult to identify, tension can develop between vulnerability reporters and maintainers. Ultimately, improving communication and protocol between these two groups can make JavaScript safer. 

Full video here

Broken down by section: 

Member introductions 0:15 

How is JavaScript used in critical infrastructure? 1:32

Improving security: Increased support from organizations 3:20

Responsibility: Final goods assembler 4:23

“Tooling” in software development 05:58

Using automation to identify and remove risks 07:03

What can the OpenJS Foundation do to improve security? 08:45

Tension between maintainers and vulnerability reporters 10:11

Improving communication between maintainers and researchers 13:53

Government approach to security vulnerabilities 14:41

Improving collaboration between all parties 16:15

Current security practices 18:01

Closing thoughts and call to action 19:31

Thank you Adam, Jessica and Michael for your insights on this very important topic!