April 16-18, 2024
Seattle, Washington
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.


Wednesday, April 17 • 2:00pm - 2:10pm
Lightning Talk: A Teen’s Perspective on Navigating Open Source Security with GUAC - Nathan Naveen, Kusari



Do you and your security team know (and agree on) your most critical dependencies? In open-source software development, managing dependencies is crucial for security. As an 11th grader, I bring a new perspective to the area of supply chain security with GUAC (Graph for Understanding Artifact Composition). GUAC is open source software that ingests SBOMs and creates an evolving dependency graph, calculating the number of dependencies for each package using the graph. This highlights your most critical packages. Identifying these packages allows developers to prioritize security reviews and maintenance on key dependencies for their organizations. This talk will show how incorporating GUAC into the development cycle can help developers and security engineers mitigate risk, and will explain how managing dependencies is critical to the security posture. Attendees will learn how this prioritization simplifies dependency management and strategically directs attention to maintaining secure software.

Speakers
Nathan Naveen

Software Engineer, Kusari
Nathan is an 11th grader who loves contributing to open source and solving algorithms. He has been doing both for the past 3 years. He has been contributing to GUAC for the past year, and before GUAC, worked on OSSF Criticality Score. GitHub: https://github.com/nathannaveen Leetcode...



Wednesday April 17, 2024 2:00pm - 2:10pm PDT
434 (Level 4)
  SupplyChainSecurityCon
  • Content Experience Level: Any
  • Session Slides Attached: Yes