Find out how researchers fix the most vulnerabilities across OSS
PLEASE JOIN US FOR THE NEXT INSTALLMENT IN THE BLACK HAT WEBINAR SERIES
Thursday, June 29, 2023 | 11:00 AM PDT | 60 Minutes, Including Q+A

The scale of GitHub and tools like CodeQL (GitHub's code query language) enable one to scan for vulnerabilities across hundreds of thousands of OSS projects, but the challenge is how to scale the triaging, reporting, and fixing. Simply automating the creation of thousands of bug reports by itself isn't useful, and would be even more of a burden on volunteer maintainers of OSS projects. Ideally, the maintainers would be provided with not only information about the vulnerability, but also a fix in the form of an easily actionable pull request. What is the most efficient way to leverage researcher knowledge to fix the most vulnerabilities across OSS? This talk will cover a highly scalable solution - automated bulk pull request generation. We'll discuss the practical applications of this technique on real-world OSS projects. We'll also cover technologies like CodeQL and OpenRewrite (a style-preserving refactoring tool created at Netflix and now developed by Moderne). Let's not just talk about vulnerabilities, let's actually fix them at scale.
Jonathan Leitschuh, Software Engineer, Human Security

Jonathan Leitschuh is a Software Engineer and Software Security Researcher. He is the first-ever Dan Kaminsky Fellow. Jonathan is best known for his July 2019 bombshell Zoom 0-day vulnerability disclosure. He is amongst the top OSS researchers on GitHub by advisory credit. He's both a GitHub Star and a GitHub Security Ambassador. In 2019 he championed an industry-wide initiative to get all major artifact servers in the JVM ecosystem to formally decommission the support of HTTP in favor of HTTPS only. In his free time, he loves rock climbing, surfing, and sailing his Hobie catamaran.
Shweta Khare, Principal Technical Product Marketing Manager, Cisco Outshift

Shweta Khare is a product marketing leader focused on Cisco Outshift's cloud native application security portfolio. With a true passion for cybersecurity and expertise in developing strategic GTM frameworks, Shweta enjoys researching market dynamics, customer pain points, and emerging trends to ensure that products are positioned for success in competitive markets.