Secure development lifecycle in open source projects

Speaker: Wouter van Rooij

Abstract

The security development lifecycle (shift-left of security in the development process) is quite challenging in open source projects. Looking at more close source projects there are clear requirements, but how can you facilitate security requirements in an open source initiative, with a lot of people contributing?

This talk is about the challenges of taking security into account in each step of the development lifecycle in an open source project. What are the difficulties and can they be tackled? Furthermore, open source projects facilitate the shift-left of security in the development process better than closed source projects and shows how to take advantage of that fact.

Biography

His resume states "native security specialist", as he has been in contact with cybersecurity ever since he was in his early teenage years. Wouter attended my first hacker conference on the age of 13, and got the privilege of turning his hobby into a professional career.

Wouter started as a ethical hacker and worked his way up to the head of operations for the Dutch part of Eurofins Cyber Security.