Secure Open Source Practices with Jillian Ratliff
How do you know your open source is secure? Carl and Richard talk to Jillian Ratliff about security practices for your own code and for the open-source code you depend on. Jillian talks about some of the high-profile security problems that have happened recently in the open-source world, including Log4j. The conversation turns to practices for making your applications secure when using open source, including security testing as part of your CI/CD pipeline, periodic penetration testing, and more!
Guests:
Jillian Ratliff
Jillian Ratliff provides application security training for software engineers, so that they have the skills to write secure code in any language. With over 10 years of AppSec experience, she has worn many hats: penetration tester, consultant, code reviewer, and threat modeler! However, her favorite hat to wear has always been that of a teacher, and that's why she founded Gold Hat Security in 2019.
Links:
- Tips to avoid getting scammed online http://stw.appvnext.com
- Azure Key Vault https://azure.microsoft.com/services/key-vault/
- Log4j Vulnerabilities https://logging.apache.org/log4j/2.x/security.html
- Dependabot https://github.com/dependabot
- Source Code Analysis Tools https://owasp.org/www-community/Source_Code_Analysis_Tools
- Radiolab Episode Null https://www.wnycstudios.org/podcasts/radiolab/articles/null
- Jillian's Twitter https://twitter.com/jillians2cents