Vincent Danen

One of the biggest concerns with modern patch management is that we haven’t truly challenged our thinking around “patching everything” in 40 years. Yet available evidence shows that most vulnerabilities do not and will not ever see exploitation. In this conversation with Tidelift CEO and co-founder Donald Fischer, Red Hat VP of Product Security Vincent Danen will challenge some of the common perceptions about open source software security. By changing how we think about open source security from an exercise in creating “vulnerability-free” software (a compliance-driven exercise) to one where the purpose is minimizing the potential or severity of a breach (a risk-driven exercise), we may actually reduce our security costs and improve our outcomes at the same time.