Driving Security at Scale: Principles for Package Repository Security - Lecture
Offered By: OpenSSF via YouTube
Course Description
Overview
Explore the principles of package repository security in this 19-minute conference talk by Jack Cable from CISA and Zach Steindler from GitHub. Learn about the collaborative effort between CISA and the OpenSSF Securing Software Repositories Working Group to develop the "Principles for Package Repository Security" - an opinionated security maturity model with four levels. Understand how this voluntary framework helps package repositories evaluate their current security capabilities and plan their security roadmap. Discover how this initiative aligns with CISA's Open Source Software Security Roadmap and the White House's National Cybersecurity Strategy. Gain insights into the content of the maturity model, the process of its development, and learn how to effectively engage with CISA and open source package repositories to enhance security across open source ecosystems.
Syllabus
Driving Security at Scale: Principles for Package Repository Security - Jack Cable & Zach Steindler
Taught by
OpenSSF
Related Courses
Security Is an Ecosystem - We Can't Be Secure in IsolationLinux Foundation via YouTube Improving the Security of a Large Open Source Project One Step at a Time
Linux Foundation via YouTube Simplifying Coordinating Vulnerabilities and Disclosures in Open Source Projects
Linux Foundation via YouTube SLSA in Action: Securing the Software Supply Chain
Linux Foundation via YouTube Implementing OpenSSF Best Practices Badges and Scorecards for Project Security
Linux Foundation via YouTube