Disclaimer: This summary has been generated by AI. It is experimental, and feedback is welcomed. Please reach out to info@qconlondon.com with any comments or concerns.
The presentation titled "Empower Your Developers: How Open Source Dependencies Risk Management Can Unlock Innovation" by Celine Pypaert focuses on effectively managing open source dependencies to drive innovation while balancing security risks. Below is a structured summary:
Introduction
The session addresses the challenge of managing security in open source dependencies and how it impacts innovation. The speaker introduces the concept with analogies about building strong and stable foundations.
- Importance of Foundations: Just like a stable building requires a strong foundation, software applications need a secure base to build upon.
- Role of Security: Security should be seen as a blueprint to facilitate secure innovation, especially against increasing cyber threats.
Key Strategies
- Identification: Recognize and understand the open source components in your environment to manage them effectively.
- Ownership and Accountability: Ensure clear ownership to maintain and secure dependencies, preventing orphaned repositories.
- Proactivity: Shift from reactive firefighting to proactive management through automation and strategic approaches.
- Prioritization: Use tools like Software Composition Analysis (SCA) to identify and prioritize vulnerabilities for prompt remediation.
Tools and Best Practices
- Software Bill of Materials (SBOM): Implement SBOMs for transparency in dependency management and compliance with regulations.
- Engagement with Teams: Leverage internal teams like security, IT, and data protection for comprehensive risk management strategies.
- Automation Tools: Integrate tools like Dependabot and Black Duck for efficient vulnerability tracking and management.
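As an added example (not from the talk or any tool it names), the identification, ownership and prioritization strategies above applied to a constructed CycloneDX-style SBOM: components with no registered owner are flagged as orphaned, and SCA findings are ranked by CVSS with assumed bumps for orphaned components and for findings with no fixed version. All package names, versions, advisory ids and weights are invented.

```python
import json

# Constructed CycloneDX-style SBOM (component names and versions are invented).
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "components": [
    {"type": "library", "name": "acme-pad", "version": "1.3.0", "purl": "pkg:npm/acme-pad@1.3.0"},
    {"type": "library", "name": "acme-utils", "version": "4.17.20", "purl": "pkg:npm/acme-utils@4.17.20"},
    {"type": "library", "name": "acme-web", "version": "4.18.2", "purl": "pkg:npm/acme-web@4.18.2"}
  ]
}"""

# Constructed SCA findings keyed by purl; advisory ids are placeholders, not real advisories.
SCA_FINDINGS = {
    "pkg:npm/acme-utils@4.17.20": [{"id": "ADVISORY-PLACEHOLDER-1", "cvss": 7.4, "fix": "4.17.21"}],
    "pkg:npm/acme-pad@1.3.0": [{"id": "ADVISORY-PLACEHOLDER-2", "cvss": 3.1, "fix": None}],
}

# Constructed ownership register (component name -> team); a missing entry means orphaned.
OWNERS = {"acme-utils": "platform-team", "acme-web": "api-team"}


def orphaned_components(sbom_json, owners):
    """Identification + ownership: components nobody is accountable for."""
    sbom = json.loads(sbom_json)
    return sorted(c["name"] for c in sbom.get("components", []) if c["name"] not in owners)


def prioritize(sbom_json, findings, owners):
    """Remediation items, highest priority first. Priority = CVSS, +1.0 if the
    component is orphaned, +0.5 if no fixed version exists (assumed weights)."""
    sbom = json.loads(sbom_json)
    items = []
    for comp in sbom.get("components", []):
        owner = owners.get(comp["name"])
        for f in findings.get(comp.get("purl"), []):
            score = f["cvss"] + (1.0 if owner is None else 0.0) + (0.5 if f["fix"] is None else 0.0)
            items.append({
                "component": f'{comp["name"]}@{comp["version"]}',
                "advisory": f["id"],
                "owner": owner or "ORPHANED",
                "fix_version": f["fix"],
                "priority": round(score, 1),
            })
    return sorted(items, key=lambda i: i["priority"], reverse=True)


if __name__ == "__main__":
    print("orphaned:", orphaned_components(SBOM_JSON, OWNERS))
    for item in prioritize(SBOM_JSON, SCA_FINDINGS, OWNERS):
        print(item)
```

In practice the SBOM would come from the build pipeline and the findings from the SCA tool's export; the ownership register is the piece most teams still lack.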
Conclusion
- Cultural Change: Emphasize the importance of security culture within organizations to ensure long-term resilience and innovation.
- Continuous Improvement: Adopt a continuous cycle of monitoring and updating practices to address emerging security challenges.
The presentation concludes with practical steps and encourages ongoing collaboration between teams to foster a secure and innovative development environment.
This is the end of the AI-generated content.
As security practitioners, we face the challenge of driving innovation whilst needing to balance security risks. This talk explores how to overcome this challenge by managing Open Source dependencies more effectively, automating patching, and establishing better security policies and processes to help teams harness the power of Open Source more securely.
Speaker

Celine Pypaert
Vulnerability Manager @Johnson Matthey, Women in CyberSecurity UK Volunteer, Book Contributor, Ex-Microsoft
Celine is Security Vulnerability Manager at Johnson Matthey, a global leader in sustainable technologies manufacturing. They were previously a Security Technical Specialist at Microsoft UK and security presales engineer at VMware.
Celine successfully achieved a career switch, going from manual and service work into cybersecurity by self-teaching for years and later earning a Computer Science degree.
Celine is now in their second cyber leadership role, blending technical knowledge and cyber strategy with deep people collaboration, to collectively align with and achieve business objectives.
A big believer in giving back to the community, Celine is passionate about helping marginalised people get into or progress in STEAM, volunteering with Stemettes, Women in CyberSecurity (WiCyS) UK & Ireland, and Alliances Global. They also helped co-found Microsoft's first Social Mobility ERG (Employee Resource Group).