Navigating a security audit, the insights, challenges, experiences and lessons learnt - OCX 2024

Published on 2024-11-15 ● Video Link: https://www.youtube.com/watch?v=v96kTZTuils





The Adoptium project's commitment to ensuring a secure supply chain for the Temurin JDK is ever more vital. As part of this commitment, an external auditor was appointed to audit the Adoptium project's critical code and software repositories, aiming to validate our security processes, thereby mitigating risks and enhancing our overall cybersecurity posture. This presentation delves into the intricacies of participating in an external security audit, offering insights, addressing common challenges, and providing an engineer's view of the experience. It covers the preparation and scope definition process for the audit, then the audit execution process and the resulting actions, and finally the wrap-up and the post-audit actions. The session gives others insight into what is involved in this critical process. It is intended to be a 30-minute presentation, based on recent experiences with an external security audit.



