Equifax: the Canary in the Git Mine
A lot has been said about the Equifax breach and the subsequent data dump; several executives have been fired or have submitted their resignations, and the fallout continues. The original vulnerability that led to the breach has also been discussed: it was an exploit of Apache Struts.
This talk takes a look at the security landscape, business process, and governance for open source software usage and development, beyond a single vulnerability or project. Given that no software implementation is bulletproof, what is the proper process to mitigate risk for open source software? What role do vendors play?
Looking across the full range of software ecosystems, smart technologists will consider the bigger picture and bring together business stakeholders (IT, legal, engineering, and product management) to drive a more collaborative, responsive process that provides a foundation for innovation while also managing risk vectors.
More than a single vulnerability and exploit, the Equifax scenario points to a larger failure in corporate governance and an inability to drive the internal collaboration that would reduce crisis response times and conceivably minimize the damage from such a breach. This talk will hopefully kickstart a much needed conversation around best practices for internal open source process and governance.