The Missing Post Mortem - OCX 2024

Published 2024-11-16 by the Eclipse Foundation. Video link: https://www.youtube.com/watch?v=8g1N64DCxBw

The first half of 2024 saw an entirely new category of threat against open source, one that shook its trust-based system at its core: social engineering takeover attempts against critical open source projects. These attacks uncovered a systemic gap in open source security management. Until now, the open source community wasn't thought of as a potential cyber attack target. But when critical open source projects become stepping stones for industrial espionage, ransomware attacks, or cyberwarfare, maintainers need to adopt security practices comparable to those found in the organizations that are the ultimate targets. This creates a unique set of challenges for open source because of its highly distributed nature and volunteer-based model. Meaningfully improving security at scale while preserving the ethos, culture, and diversity of communities that characterize open source, and that are largely responsible for its innovative potential, isn't an easy task.

In this talk we'll do a post-mortem of the social engineering takeover attempt at the OpenJS Foundation. While preserving confidentiality, we'll outline the industry gaps uncovered during this attack. We'll suggest ways to meaningfully improve security at scale while preserving the ethos, culture, and diversity of the communities that characterize open source and that are largely responsible for its success.