Security in the Open Source ecosystem has continuously grown in priority on the global agenda of the technology industry. Practices like DevOps and Agile, and standards like ISO/IEC 27001, have contributed over the years to the adoption and promotion of a shift-left approach to security in the industry. The Java ecosystem is not separate from the opportunities and challenges the industry has overcome regarding security.
In late 2022 I started to deliver the session “Deep diving into Java ecosystem security with OpenSource and DevSecOps”, which provides a glance at how Open Source and the Java ecosystem correlate during the lifecycle of common vulnerabilities and exposures (CVE). The session presents current challenges, opportunities, and recommendations to improve the security management of your new and existing architectures under an approach supported by DevSecOps principles.
I hope that having the opportunity to see how the Open Source software security lifecycle is carried out under the hood also provides a better understanding of how you can contribute actively to OSS.