Eclipse Foundation Security Training 2025: Managing Dependency Risks

Video Link: https://www.youtube.com/watch?v=o8cY8xdtUNA


This session in the Eclipse Foundation Security Training 2025 series explores how to assess and manage risks in project dependencies. From real-world supply chain security threats (like XZ and Log4j) to proactive mitigation using tools like Dependabot, this training offers both strategy and hands-on advice for developers and maintainers.

🔐 Learn more about our security programs: https://www.eclipse.org/security

TIMESTAMPS
00:00 Introduction to Dependency Risks
00:26 Dependencies and Risks by Example: XZ & Log4j
03:36 Dependency Evaluation Tools (e.g., Best Practices Badge)
06:00 Introduction to Dependabot
07:01 Security Alerts: How They Work
08:47 Triaging Alerts & Making Informed Decisions
10:00 Automating Updates with Dependabot
11:03 Version Updates & Ongoing Maintenance
11:58 Getting Started Resources & Handbook Links
