Demystifying NIST’s Open Source Software Security Controls

Presented by

Solomon Rubin, Engineering Manager - Security, FOSSA | Gauthami Polsani, Product Marketing Manager, FOSSA

About this talk

There's been a lot of discussion about SBOM-related requirements in the Biden administration’s 2021 cybersecurity executive order. But that same executive order also prompted NIST (the U.S. government’s National Institute of Standards and Technology) to create lesser-known — yet also important — guidance specific to managing open source software security. These recommendations include using programming languages and frameworks with built-in security controls, pulling open source from trusted repositories, and implementing software composition analysis (SCA) to detect vulnerabilities, to name a few. Join FOSSA Security Engineering Manager Solomon Rubin in the webinar “Demystifying NIST’s Open Source Software Security Controls” for a comprehensive overview of NIST’s open source security recommendations — and the practical steps your organization can take to implement them. We’ll discuss: -NIST’s six recommended controls for open source software security -How teams can use NIST’s Foundational, Sustaining, and Enhancing framework as a roadmap to enhance their internal capabilities -The role of SBOMs in vulnerability management -Where software composition analysis (SCA) tools like FOSSA fit into NIST’s guidance
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (60)
Subscribers (6425)
Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for vulnerability management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows.