Building a Secure, Efficient, Compliant OSS Supply Chain at Scale - Lecture

Linux Foundation via YouTube


Classroom Contents

  1. Intro
  2. What is FOSS supply chain: FOSS supply chain means the operation of consuming FOSS within a company when running its daily business. The challenge is just like any supply chain within a company.
  3. Case: Security holes cause business losses: The Equifax breach and the underlying Apache Struts vulnerability cost more than $400m and affected 140 million people.
  4. Massive FOSS supply and demands: Java: 3.7 million unique plugs in the central Maven repository (downloads increased 68% in 2018).
  5. So many engineers and repos: My company has over 15K engineers.
  6. Bad engineering habits: Engineers are not aware of FOSS risks, so they choose whatever code they like to use.
  7. Step 1: Set up an internal Maven server and NPM server first.
  8. Why we chose this: Baidu is an Internet company; most of our business is online service and the risk of license compliance is low.
  9. Training is very, very important: Executed offline training in several sites, Beijing and Shanghai.
  10. Set up an OSS security ticket system; set the security fixing process.
  11. Building a FOSS supply chain is a long journey: It is more than compliance.
