Evaluating security risk associated with open source software projects can be a complex or even daunting task, but an Open Source Security Foundation project called OpenSSF Scorecard helps put some order and automation into the process.
In this episode, we chat with one of OpenSSF Scorecard's contributors, Brian Russell of Google, and Ryan Ware, Director of Open Source Security at Intel, about the problems Scorecard addresses, and how it might help improve the experience of developers and consumers of open source software. We'll take a deep dive into the automated security checks, how to use the data, and how to include Scorecards in a workflow.
Links- SCaLE 20x presentation: How do you trust your open source software?
Brian Russell is a Product Manager on Google’s Open Source Security Team. He focuses on software supply chain security and is actively involved in the OpenSSF Scorecards project. In his spare time, Brian enjoys 3D printing and Atari video game programming.
Ryan Ware recently returned to Intel to focus on Open Source Software (OSS) security. He is currently helping drive Intel’s efforts in the Open Source Security Foundation (OpenSSF). Ryan is an industry veteran who has always worked at the intersection of open source software and security, be it implementing security features in open source software stacks, using open source software to find security vulnerabilities in software and hardware, or helping teams utilize OSS in a secure way.
You Might Like
