June 21-24, 2022
Austin, Texas, USA + Virtual
Note: The schedule is subject to change.

This schedule is displayed in Central Daylight Time (UTC -5).

Wednesday, June 22 • 11:50am - 12:30pm
How Do We Rank Project Risk? - Jacques Chester, Shopify

Somewhere, right now, out there in the world, lurks libnebraska*. To most of us it seems innocuous and maybe even irrelevant. But it turns out to be on the critical dependency path for massive swathes of software worldwide. If a vulnerability affects libnebraska, or someone malicious takes control of it, we're all in a world of hurt.

How can we identify libnebraska? How can we estimate its risks? How can we classify projects into Alpha and Omega categories? Who should make these identifications and estimates? How should they do it?

In this talk, Jacques will discuss various methods for integrating the information that can be found in expert opinions. As an adjunct to data-driven methods, aggregation of expert opinions may be vital to identifying and protecting the next libnebraska.

* https://xkcd.com/2347/

Jacques Chester

Senior Staff Software Developer, Shopify
Jacques is a Senior Staff Software Developer in Shopify's Ruby Dependency Security team under the Ruby & Rails Infrastructure group. He leads work on upstream and community improvements to supply chain security, with a focus on the Ruby ecosystem. Previously he worked in cloud native...

Wednesday June 22, 2022 11:50am - 12:30pm CDT
Brazos (Level 2)