Helping Secure OSS Software - Alvaro Munoz - ASW #189

Gabrielle

36 min
News

Description

Past research such as JNDI Injection, Unsafe deserialization, Struts RCEs - OSS security: CodeQL, Dependabot, collaboration between researchers and developers, OWASP Top Ten Proactive Controls, CVD for OSS

Segment Resources:

- [Write more secure code with the OWASP Top 10 Proactive Controls] https://github.blog/2021-12-06-write-more-secure-code-owasp-top-10-proactive-controls/
- [An analysis on developer-security researcher interactions in the vulnerability disclosure process] https://github.blog/2021-09-09-analysis-developer-security-researcher-interactions-vulnerability-disclosure/
- [Building security researcher and developer collaboration] https://www.securitymagazine.com/articles/97066-how-to-build-security-researcher-and-software-developer-collaboration
- [Coordinated vulnerability disclosure (CVD) for open source projects] https://github.blog/2022-02-09-coordinated-vulnerability-disclosure-cvd-open-source-projects/
- [GitHub Advisory Database now open to community contributions] https://github.blog/2022-02-22-github-advisory-database-now-open-to-community-contributions/
- [Blue-teaming for Exiv2: creating a security advisory process] https://github.blog/2021-11-02-blue-teaming-create-security-advisory-process/

Visit https://www.securityweekly.com/asw

Creators

vivi_river

Creator