Will Large-Scale Automated Scanning Stop Malware on OSS Repositories?

Offered By: Linux Foundation via YouTube

Tags

Malware Detection Courses, Cybersecurity Courses, Software Supply Chain Security Courses, PyPI Courses

Course Description

Overview

Explore the challenges and limitations of large-scale automated scanning for malware detection in open-source software repositories in this 41-minute conference talk by Zachary Newman from Chainguard, Inc. Examine the case study of Python's PyPI, which implemented an automated scanning system in 2020, to understand why such approaches often fall short. Learn about the practical constraints faced by repository maintainers, including high package upload volumes and limited volunteer resources, which make even low false-positive rates problematic at scale. Discover the current equilibrium, in which third-party researchers and human intervention carry much of the malware detection work. Gain insights into the broader context of supply chain threats and the importance of considering maintainer needs when designing security solutions. This talk offers valuable lessons for package repository administrators, security professionals, and anyone concerned about malware in open-source software ecosystems.

Syllabus

Will Large-Scale Automated Scanning Stop Malware on OSS Repositories? - Zachary Newman


Taught by

Linux Foundation
