Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Building a Secure, Efficient, Compliant OSS Supply Chain at Scale - Lecture
- 1 Intro
- 2 What is a FOSS supply chain? A FOSS supply chain is the operation of consuming FOSS within a company as it runs its daily business. The challenge is just like that of any other supply chain within a company.
- 3 Case: security holes cause business losses. The Equifax breach and the underlying Apache Struts vulnerability cost more than $400m and affected 140 million people.
- 4 Massive FOSS supply and demand. Java: 3.7 million unique plugs in the central Maven repository (downloads increased 68% in 2018).
- 5 So many engineers and repos. My company has over 15K engineers.
- 6 Bad engineering habits. Engineers are not aware of FOSS risks, so they choose whatever code they like to use.
- 7 1. Set up an internal Maven server and NPM server first.
- 8 Why we chose this. Baidu is an Internet company; most of our business is online services, and the license-compliance risk is low.
- 9 Training is very, very important. Executed offline training at several sites (Beijing, Shanghai).
- 10 Set up an OSS security ticket system. Set up a security fixing process.
- 11 Building a FOSS supply chain is a long journey. It is more than compliance.