Scaling the Security Researcher to Eliminate OSS Vulnerabilities - Automated Solutions

Explore a highly scalable approach to eliminating open-source software vulnerabilities in this 52-minute conference talk by Jonathan Leitschuh from the Open Source Security Foundation/Linux Foundation. Learn about the challenges of finding and fixing simple yet widespread security issues across hundreds of thousands of OSS projects. Discover how tools like GitHub's CodeQL and OpenRewrite can be leveraged to automate vulnerability scanning, triaging, reporting, and fixing at scale. Gain insights into the practical applications of automated bulk pull request generation for real-world OSS projects, and understand how this technique can efficiently utilize researcher knowledge to address vulnerabilities across the open-source ecosystem. Delve into the potential of this approach to not only identify security issues but also provide actionable solutions to volunteer OSS maintainers, ultimately working towards eliminating vulnerabilities once and for all.

Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and for...- Jonathan Leitschuh