Vulnerability Scanning For Free (as in Puppies)
Secure software supply chains with 0 vulnerabilities sound like a great idea, but once you start looking through entire dependency chains and large systems, it can be a lot harder to achieve than one might expect. Using the free, open source CVE Binary Tool vulnerability scanner (written in Python!), we'll show what it looks like to set up vulnerability scanning, what kinds of fun things you find, and how keeping things up to date can mean an ongoing maintenance burden that is more like a free puppy than a free beer. We'll talk about how naive policies, governmental mandates and capitalism may ruin your day, and what we can do to stay secure and help everyone get past the puppy phase without sending anyone back to the pound.
About Terri Oda
Terri specializes in saying no and explaining things, which either describes her professional work as an open source security expert, her personal time as the parent of a child who always wants to know “what’s happening?” or her volunteer service bringing new contributors into Python projects through Google Summer of Code.