How to Efficiently Manage OSS Security and Compliance Across Teams

Presented by

Valentina Ditoiu, Compliance Legal Lead, UiPath; Valentin Lupu, Sec Program Mgr, UiPath; Ryan Goldman, VP Marketing, FOSSA

About this talk

For modern product teams, trading off between productivity and efficiency is an absolute non-starter, especially when it comes to collaboration across different parts of the org. Working with open source software only complicates cross-functional workflows, since third-party code introduces so many variables and so much surface area for risk.

In this webinar, leaders from UiPath will discuss the stream of interactions between Security, Engineering, and Legal in monitoring, investigating, and remediating open source vulnerability and license issues. We’ll cover how to promote joint SLAs and use automation tools like FOSSA, CI/CD pipelines, and tracking tools like Jira to reduce technical overhead and enable better results right in existing development processes.

You’ll learn more about:
- Why Security should build pipelines for automated code SCA scans
- What info Legal needs to understand how OSS is used (e.g., repository structure)
- How to convey data to Engineering to resolve compliance and security issues earlier

Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for vulnerability management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows.