Talk

Expect The Unexpected: How To Choose Reliable Open Source Dependencies
Conference (BEGINNER level)
Room 9

Open source components make up a staggering 90% of modern application dependencies. Given the software industry’s heavy reliance on open source projects, it’s increasingly important to choose well-maintained, community-backed components in order to better withstand an unpredictable disaster, such as last year's Log4j vulnerability.

As software security professionals who also happen to be pandemic brides, we know a thing or two about dealing with the unexpected. As it turns out, choosing reliable event vendors has a lot of parallels with choosing open source software components. Come to this talk to learn about best practices for choosing open source dependencies you can rely on, and how to set your ecosystem up for success.
Theresa Mammarella
Sonatype

Theresa is a developer advocate, computer engineer, and open source contributor with a background in JVM and compiler projects. She currently works at Sonatype, educating developers on cybersecurity and code quality. Outside of work, she devotes her time to animal rescue initiatives including fostering and training dogs and cats, admin work, and advocacy.

Kadi Grigg
Sonatype, Inc.

Kadi is passionate about the DevOps / DevSecOps community since her days of working with COBOL development and Mainframe solutions. At Sonatype, she collaborates with developers and security researchers and hosts Wicked Good Development, a podcast about the future of open source. When she's not working with the developer community, she loves running, traveling, and playing with her dog Milo.