Automating GitHub Security Alerts Into Your Workflow

Learn how to effectively manage GitHub security alerts and integrate them into your workflow in this 39-minute conference talk. Explore best practices for Open Source Program Offices (OSPOs) to handle security vulnerabilities in open source projects at scale. Discover the mechanics and governance of Verizon Media's process for notifying internal employees about CVEs on their projects. Gain insights into the challenges and opportunities for automation, the importance of project visibility, and the corporate perspective on security alerts. Understand the differences between open source and closed source security, and learn how to address false positives. Enhance your organization's approach to open source security and leverage GitHub's security features to protect your projects.

Intro
Project Visibility
What is Information Security
Agenda
What GitHub does right
What does GitHub do
Kudos to GitHub
Its challenging
Automation opportunity
Private repos
Buyer beware
What we did
Call for support
Corporate perspective
GitHub Security Alerts Workflow
Help us
Automate
Security and Open Source
Open Source vs Closed Source
Thank you
Contact Gil
False Positives