Finding issues that matter in open source dependencies and fixing them without developer friction
Date: Tuesday, December 12 at 11am PT / 2pm ET
Software dependency scanners are notoriously noisy: many of the issues they surface do not actually need to be fixed, because the application never calls the vulnerable code in the dependency. Acting on every finding slows development, since the upgrade that clears a finding often involves breaking changes. This session explores reachability analysis, which checks whether the application actually reaches the vulnerable code in a dependency, as a way to prioritize the fixes in open source dependencies that matter. We'll demonstrate how to identify and address these issues within the developer workflow so they are resolved quickly without impeding development progress.
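To make the idea concrete, here is an added example written for this page (not Semgrep's own reachability engine): a small triage script that takes a scanner finding, expressed as a package plus the vulnerable function, and walks an application's Python source with the standard `ast` module to decide whether that function is actually called, following `import ... as` and `from ... import ... as` aliases. The sample application, the advisories and the names `Advisory`, `reachable_call_sites` and `triage` are all constructed for the example.

```python
"""Toy reachability triage for dependency-scanner findings.

Added example for this page, not Semgrep's implementation. For each finding it
asks: does this application actually call the vulnerable function in the flagged
package? Unreachable findings can be scheduled rather than forced through now.
"""
import ast
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    """One scanner finding, reduced to the import path that is vulnerable."""
    package: str    # importable module, e.g. "yaml"
    function: str   # vulnerable entry point in that module, e.g. "load"
    note: str = ""  # free text from the advisory (constructed here)


class _CallFinder(ast.NodeVisitor):
    """Record call sites that resolve to advisory.package + "." + advisory.function."""

    def __init__(self, advisory: Advisory) -> None:
        self.adv = advisory
        self.module_aliases: Dict[str, str] = {}                # local name -> module path
        self.function_aliases: Dict[str, Tuple[str, str]] = {}  # local name -> (module, function)
        self.call_sites: List[int] = []

    def visit_Import(self, node: ast.Import) -> None:
        for alias in node.names:
            if alias.asname:                       # import a.b as c  -> c means a.b
                self.module_aliases[alias.asname] = alias.name
            else:                                  # import a.b       -> binds a
                top = alias.name.split(".")[0]
                self.module_aliases[top] = top

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        if node.module is None or node.level:      # relative import: project code, skip
            return
        for alias in node.names:
            if alias.name == "*":
                continue                           # star imports are not resolved here
            local = alias.asname or alias.name
            # "from pkg import name" may bind a function or a submodule; record both views
            self.function_aliases[local] = (node.module, alias.name)
            self.module_aliases[local] = f"{node.module}.{alias.name}"

    def _resolve(self, func: ast.expr) -> Optional[Tuple[str, str]]:
        """Map the callee expression to (module, function), or None if unknown."""
        if isinstance(func, ast.Name):
            return self.function_aliases.get(func.id)
        parts: List[str] = []
        node = func
        while isinstance(node, ast.Attribute):     # flatten a.b.c(...) into its parts
            parts.append(node.attr)
            node = node.value
        if not isinstance(node, ast.Name) or node.id not in self.module_aliases:
            return None
        parts.append(self.module_aliases[node.id])
        parts.reverse()
        return ".".join(parts[:-1]), parts[-1]

    def visit_Call(self, node: ast.Call) -> None:
        if self._resolve(node.func) == (self.adv.package, self.adv.function):
            self.call_sites.append(node.lineno)
        self.generic_visit(node)                   # calls may be nested in arguments


def reachable_call_sites(source: str, advisory: Advisory) -> List[int]:
    """Line numbers in `source` where the advisory's vulnerable function is called."""
    finder = _CallFinder(advisory)
    finder.visit(ast.parse(source))
    return finder.call_sites


def triage(source: str, advisories: List[Advisory]) -> Dict[str, List[int]]:
    """Keep only findings whose vulnerable function is actually reached by `source`."""
    reachable: Dict[str, List[int]] = {}
    for adv in advisories:
        sites = reachable_call_sites(source, adv)
        if sites:
            reachable[f"{adv.package}.{adv.function}"] = sites
    return reachable


# Constructed sample application; the comments give its line numbers.
SAMPLE_APP = """\
import yaml
from yaml import load as yload
import requests

def parse_config(doc):
    return yaml.safe_load(doc)          # line 6: a different, safe entry point

def legacy_parse(doc, strict=False):
    if strict:
        return yaml.load(doc)           # line 10: attribute-style call
    return yload(doc)                   # line 11: call through a from-import alias

def fetch(url):
    return requests.get(url, timeout=5).text
"""

# Constructed findings standing in for scanner output (not real advisories).
EXAMPLE_ADVISORIES = [
    Advisory("yaml", "load", "unsafe deserialization entry point"),
    Advisory("requests", "post", "package imported, but this function is never called"),
    Advisory("pickle", "loads", "package not imported at all"),
]

if __name__ == "__main__":
    for key, lines in triage(SAMPLE_APP, EXAMPLE_ADVISORIES).items():
        print(f"fix now: {key} is called at lines {lines}")
```

Only the `yaml.load` finding survives triage: the `requests` finding names a function the application never calls, and `pickle` is not imported at all, so neither should block a developer today. The script deliberately stops at direct call sites in first-party code; it does not follow calls made inside the dependency itself, dynamic dispatch such as `getattr`, or transitive dependencies from the lock file, which is where production reachability engines do most of their work.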
About the presenter:
Kyle Kelly, Security Researcher, Supply Chain Team at Semgrep
Kyle Kelly is a Security Researcher on the Supply Chain Team at Semgrep, a fast, open source static analysis tool for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. In addition, Kyle is the Founder of CramHacks, a Supply Chain Security Newsletter, where he tries to convince people coffee is a supply chain risk.
Date: December 12, 2023
Time: 11:00am PT
Duration: 1 hour