From OpenJS World 2022: Securing the Open Source Ecosystem – Brian Behlendorf

In this recap from the OpenJS World Keynote Series, we’re highlighting a keynote on open source security. To view all of the keynotes from the conference, please visit the OpenJS YouTube Channel.

Brian Behlendorf, General Manager for the Open Source Security Foundation (OpenSSF), presented at OpenJS World 2022 on Securing the Open Source Ecosystem. The presentation began with Brian explaining the problem of supply chain breaches and other factors that are affected by these vulnerabilities. He then follows with what OpenSSF is doing to make efforts in order to work across the supply chain and prevent these types of threats.

The presentation then covers an overview of the mobilization plan. Brian mentions this was planned after a meeting with a U.S federal agency to strengthen security and open source. There is also a quick run-through of the ten different mobilization plans including their goals from security education, risk assessment, incident response, SBOMS, and others. 

Full keynote available here: https://www.youtube.com/watch?v=wxDT-QQh50U 

Main Sections:

0:00 Introduction

1:24 Supply chain breaches

4:33 How OpenSSF Efforts work across the supply chain

11:04 Alpha engagement: Node.js

13:13 Mobilization plan origin story

15:01 Goals identified 

17:13 The open Source software security mobilization plan 

21:14 Initial pledges  

21:52 Get the plan!

Main OpenJS Resources: 

Main Site: https://openjsf.org/ 

Blog: https://openjsf.org/blog/ 

Join: https://openjsf.org/about/join/ 

Certification: https://openjsf.org/certification/

Twitter: https://twitter.com/openjsf

LinkedIn: https://www.linkedin.com/company/openjs-foundation/