You are viewing content from a past/completed QCon -

SESSION + Live Q&A

How to Sleep Soundly at Night While Using Open Source

Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases. This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements.

However, taking into consideration the fact that recent years have seen an upsurge in reported open-source vulnerabilities, whose details and exploits are publicly available, it's no wonder that organizations are increasingly directing focus towards ensuring that their open-source components are securely integrated into their software.

This talk begins with two stories and the lessons to be learned from them. First, we'll hear about a famous hack based on a simple CVE exploit and its ramifications, and then about an M&A which suffered major complications due to an overlooked open-source license. During the second half of the talk, we'll discuss how to practically implement the lessons learned from these stories and the role developers can play in driving this process.


Speaker

Guy Bar-Gil

Product Manager @WhiteSourceSoft

I'm Guy Bar-Gil, product manager at WhiteSource, where we enable software development teams get the best out of using open-source components, without the headache, so they can focus on what they should be doing - making beautifully constructed software.In my free time, I enjoy reading...

Read more

Location

Westminster, 4th flr.

Track

SPONSORED SOLUTIONS TRACK III

Video

Video is not available

Share

From the same track

SESSION + Live Q&A

DevOps for Developers (Or Maybe Against Them?!)

"DevOps" is the operations people’s crafty plan to make developers do other people's work, but we are smart enough to see right through this naive rebranding trick!Baruch suggests you think about it: we, the developers, have written all the code. It passes all the tests; it...

Baruch Sadogursky

Head of DevOps Advocacy & Developer Advocate @jfrog

SESSION + Live Q&A

Opportunities and Pitfalls of Event-Driven Utopia

Event-driven architectures are on the rise. They promise both better decoupling of components by using an event bus and improved scalability in terms of throughput. Decoupled modules help to scale your software development efforts itself. Event streaming promises to handle ever-growing amounts of...

Bernd Ruecker

Co-founder and chief technologist @Camunda

SESSION + Live Q&A

[CANCELED] Common Mistakes in Identity Solutions

This session has been canceled.

SESSION + Live Q&A

Lessons Learned Building Messaging Software with a Fully Remote Team

Our experience working with hundreds of customers who use Mattermost, an open source messaging workspace, and a distributed team of 50 with hundreds of additional contributors all working remotely, has taught us several lessons about communications tools and how to get work done across time...

Corey Hulen

CTO and Co-founder @Mattermost

SESSION + Live Q&A

Stories from the BeeHive

PensionBee is the UK's most loved pension company. Starting in 2015, PensionBee has helped over 70,000 customers manage close to £1bn of their pension savings. In this enjoyable talk, PensionBee CTO Jonathan Lister Parsons digs into the challenges of growing a consumer-focused fintech...

Jonathan Lister Parsons

Software Developer @pensionbee

View full Schedule