In this recap from the OpenJS World Keynote Series, we’re highlighting a keynote on open source security. To view all of the keynotes from the conference, please visit the OpenJS YouTube Channel.
Brian Behlendorf, General Manager for the Open Source Security Foundation (OpenSSF), presented at OpenJS World 2022 on Securing the Open Source Ecosystem. The presentation began with Brian explaining the problem of supply chain breaches and other factors that are affected by these vulnerabilities. He then follows with what OpenSSF is doing to make efforts in order to work across the supply chain and prevent these types of threats.
The presentation then covers an overview of the mobilization plan. Brian mentions this was planned after a meeting with a U.S federal agency to strengthen security and open source. There is also a quick run-through of the ten different mobilization plans including their goals from security education, risk assessment, incident response, SBOMS, and others.
Full keynote available here: https://www.youtube.com/watch?v=wxDT-QQh50U
1:24 Supply chain breaches
4:33 How OpenSSF Efforts work across the supply chain
11:04 Alpha engagement: Node.js
13:13 Mobilization plan origin story
15:01 Goals identified
17:13 The open Source software security mobilization plan
21:14 Initial pledges
21:52 Get the plan!
Main OpenJS Resources:
Main Site: https://openjsf.org/