Open Source Summit + AI_dev Japan 2024

You do your best to build a quality product and ensure testability and maintainable code. However, code security issues require a different domain of expertise, and your last vulnerable line of code is your first security regret. Maybe you heard about OWASP Top 10, and just maybe you can spot an SQL injection but how do you scale and prioritize code security across your tech stack and your development team? How do you ship secure operational technology (OT) software for critical infrastructure? This task becomes even more difficult to balance with false positive alerts, struggles to find vulnerable C++ libraries statically compiled in your runtime, and bridging the growing security knowledge gap that results in developers writing insecure code. Tune in to learn about secure coding practices and techniques to produce high-quality secure software. Your takeaways from this session will be learning from practical real-world vulnerable code, secure dependency upgrade policies, leveraging SBOMs for vulnerability and package signals, and hands-on hacking demos. This session offers actionable strategies and real-world applications to help you safeguard your critical software projects.