Secure Open Source Development

Josh Bressers (Elastic)
Software Architecture
Location: D137/138 Level: Intermediate
Average rating: ***..
(3.17, 6 ratings)

Open source has reached a tipping point in the world of computing. Today it is nearly impossible to find or build a product without using open source software in some way. It’s common to see open source used in the development tools, build system, internal libraries, even running infrastructure. At the same time, security has never been more important than it is now. On numerous occasions it has been suggested that closed source development is more secure than open source development. So far reality has not backed up such accusations.

Even though open source has an impressive security track record, it’s certainly not perfect. There are a number of things we can do in an attempt to reduce the number of security flaws in open source software.

In this session we will discuss existing tools and processes used in open source development. Some things developers and projects can do to help keep security in mind for the code. Tips for developers using open source code in their products. And finally some ideas about what the future will hold in the area of secure open source development.

Photo of Josh Bressers

Josh Bressers


Josh Bressers founded and heads the Red Hat Product Security Team. The group is responsible for working with product groups to incorporate software assurance practices into their development. Josh was previously a Senior Software Engineer in the Red Hat Security Response Team and has over ten years of experience working on security issues with the open source community.


Sponsorship Opportunities

For information on exhibition and sponsorship opportunities at the conference, contact Sharon Cordesse at (707) 827-7065 or

Contact Us

View a complete list of OSCON contacts