Patch management needs a revolution
11:50 AM - 12:35 PM EST
One of the biggest concerns with modern patch management is that we haven’t truly challenged our thinking around “patching everything” in 40 years. Yet available evidence shows that most vulnerabilities do not and will not ever see exploitation. In this conversation with Tidelift CEO and co-founder Donald Fischer, Red Hat VP of Product Security Vincent Danen will challenge some of the common perceptions about open source software security. By changing how we think about open source security from an exercise in creating “vulnerability-free” software (a compliance-driven exercise) to one where the purpose is minimizing the potential or severity of a breach (a risk-driven exercise), we may actually reduce our security costs and improve our outcomes at the same time.
Secure by design: a proactive approach to open source health and security
1:35 PM - 2:15 PM EST
In this session two of CISA’s leading security experts will share more about the industry-wide effort they are leading to make security a core business requirement in products versus an aftermarket technical feature. They’ll share historical analogies of where this design-first approach has had real impact in other industries, and they’ll cover how they are working directly with industry leaders and the open source community to proactively improve practices in ways that will lead to the security outcomes we need.
Panel: New approaches to open source security and resilience from the financial services industry
4:00 PM - 4:50 PM EST
For obvious reasons, the financial services industry has been a leader in embracing new approaches to ensuring the security and resilience of the open source software we all depend on. In this panel we'll learn what a few top experts are doing within their organizations to harden their defenses and invest in the open source they depend on, while sharing advice and strategies that all organizations can take back to inform their own work.