Workshop: Verifying the Security of Open Source Software
Information
Time: 11:25 - 12:25
Level: Intermediate
Target Audience: Software developers, DevOps/DevSecOps engineers, engineering managers, and architects who want to strengthen their ability to make informed decisions when adopting open-source software.
Open-source software (OSS) is everywhere, from libraries and frameworks to the infrastructure that powers modern applications. But not every project is equally safe to use. Hidden risks such as outdated or unpatched dependencies, weak governance, abandoned maintenance, or supply chain attacks can turn a seemingly useful project into a liability.
This workshop introduces participants to the core practices for evaluating the security of open-source projects. Through a mix of discussion and hands-on exercises, participants will learn how to assess the health of a project, spot red flags, and apply a systematic approach to deciding whether to adopt or trust an open-source dependency.
What will you learn
How to evaluate the activity, transparency, and governance of an OSS project.
How to identify signals of strong or weak security practices.
How to recognize common risks in open source projects.
How to build a repeatable approach for assessing OSS before adopting it.
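As an added illustration of the "repeatable approach" in the last item (example code written for this page, not material from the workshop or its checklist), the following Python script turns a fixed set of project signals into a score, a list of warnings, and a list of hard-stop red flags. The signal names, thresholds, and point weights are assumptions chosen for the example, and the three projects it evaluates are constructed, not real.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional


@dataclass
class ProjectSignals:
    """Inputs an evaluator gathers from the repo, package index, and advisory database.
    Field set is an assumption for this example, not a standard schema."""
    name: str
    last_commit: date
    last_release: date
    active_maintainers: int        # distinct people merging code in the last 12 months
    has_security_policy: bool      # SECURITY.md or other documented disclosure channel
    has_ci: bool                   # tests run automatically on every change
    signed_releases: bool          # tags or artifacts carry verifiable signatures
    branch_protection: bool        # default branch requires review before merge
    open_critical_advisories: int  # published advisories unpatched in the latest release
    license_spdx: Optional[str]    # SPDX identifier, None if no license was found


@dataclass
class Evaluation:
    name: str
    score: int                                            # 0-100, starts at 100
    red_flags: List[str] = field(default_factory=list)    # any one of these blocks adoption
    warnings: List[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if self.red_flags:
            return "REJECT"
        return "ACCEPT" if self.score >= 70 else "REVIEW"


def evaluate(p: ProjectSignals, today: date) -> Evaluation:
    """Apply the checklist. Thresholds and weights are assumptions for this example."""
    ev = Evaluation(name=p.name, score=100)

    def weak(msg: str, penalty: int) -> None:
        ev.warnings.append(msg)
        ev.score -= penalty

    commit_age = (today - p.last_commit).days
    release_age = (today - p.last_release).days

    # Hard stops: these are not "points off", they end the discussion.
    if p.open_critical_advisories > 0:
        ev.red_flags.append(f"{p.open_critical_advisories} unpatched critical advisories")
    if p.license_spdx is None:
        ev.red_flags.append("no license found")
    if commit_age > 730:
        ev.red_flags.append(f"no commits for {commit_age} days (abandoned)")
    elif commit_age > 180:
        weak(f"last commit {commit_age} days ago", 15)

    # Soft signals: each one costs points and is reported for the reviewer.
    if release_age > 365:
        weak(f"last release {release_age} days ago", 10)
    if p.active_maintainers < 2:
        weak("single maintainer (bus factor 1)", 20)
    if not p.has_security_policy:
        weak("no security policy / disclosure channel", 15)
    if not p.has_ci:
        weak("no CI", 10)
    if not p.signed_releases:
        weak("releases are not signed", 10)
    if not p.branch_protection:
        weak("default branch accepts unreviewed pushes", 10)

    ev.score = max(ev.score, 0)
    return ev


# Constructed sample projects (not real), evaluated as of a fixed date.
TODAY = date(2025, 10, 1)
HEALTHY = ProjectSignals("libgood", date(2025, 9, 20), date(2025, 8, 1),
                         6, True, True, True, True, 0, "MIT")
MIDDLING = ProjectSignals("libmid", date(2025, 3, 1), date(2024, 8, 1),
                          3, True, True, False, True, 0, "Apache-2.0")
STALE = ProjectSignals("libstale", date(2022, 1, 10), date(2021, 11, 3),
                       1, False, False, False, False, 1, None)


if __name__ == "__main__":
    for project in (HEALTHY, MIDDLING, STALE):
        result = evaluate(project, TODAY)
        print(f"{result.name}: {result.verdict} (score {result.score})")
        for flag in result.red_flags:
            print(f"  RED FLAG: {flag}")
        for warning in result.warnings:
            print(f"  warning:  {warning}")
```

The separation between red flags and weighted warnings is the point: a project with an unpatched critical advisory or no license is rejected regardless of how polished everything else looks, while an otherwise healthy project that merely lacks signed releases is flagged for a human decision rather than blocked. The numbers are placeholders; a team adopting this pattern would set its own thresholds and record the signal values alongside the verdict so the evaluation can be re-run when the dependency is next upgraded.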
Prerequisites
A laptop with a browser and internet connection. Basic understanding of software dependencies and version control.
Deliverables
A structured "OSS Security Evaluation Checklist."
Workshop presentation slides.
Example evaluations created during the session.