Overview
Learn about a collaborative initiative to strengthen open source software security through coordinated vulnerability remediation efforts in this 18-minute conference talk. Discover how organizations can make tangible impacts by investing in fixing security issues directly at their source within upstream projects, rather than applying patches downstream. Explore the proposed "OpenSSF Bug Squashing Allies" framework designed to align and coordinate vulnerability remediation efforts across OpenSSF member organizations. Understand how sharing approaches, methodologies, and results—including specific CVEs addressed—can motivate broader community participation, facilitate knowledge exchange, and eliminate redundant security efforts across the open source ecosystem. Examine real-world examples and practical strategies for product teams to engage hands-on with upstream projects to address critical software supply chain security challenges. Gain insights into how the OpenSSF community can better facilitate these collaborative security initiatives to build a more robust and resilient open source software supply chain that benefits the entire industry.
Syllabus
OpenSSF Bug Squashing Allies - Georg Kunz & Jan Melen, Ericsson
Taught by
OpenSSF