Helping Secure OSS Software – Alvaro Munoz – ASW #189
- Past research such as JNDI Injection, Unsafe deserialization, Struts RCEs
- OSS security: CodeQL, Dependabot, collaboration between researchers and developers, OWASP Top Ten Proactive Controls, CVD for OSS
Segment Resources:
- [Write more secure code with the OWASP Top 10 Proactive Controls](https://github.blog/2021-12-06-write-more-secure-code-owasp-top-10-proactive-controls/)
- [An analysis on developer-security researcher interactions in the vulnerability disclosure process](https://github.blog/2021-09-09-analysis-developer-security-researcher-interactions-vulnerability-disclosure/)
- [Building security researcher and developer collaboration](https://www.securitymagazine.com/articles/97066-how-to-build-security-researcher-and-software-developer-collaboration)
- [Coordinated vulnerability disclosure (CVD) for open source projects](https://github.blog/2022-02-09-coordinated-vulnerability-disclosure-cvd-open-source-projects/)
- [GitHub Advisory Database now open to community contributions](https://github.blog/2022-02-22-github-advisory-database-now-open-to-community-contributions/)
- [Blue-teaming for Exiv2: creating a security advisory process](https://github.blog/2021-11-02-blue-teaming-create-security-advisory-process/)
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guest
Alvaro Muñoz works as Principal Security Researcher with GitHub Security Lab team. Previously he worked as an Application Security Consultant helping top enterprises to deploy their application security programs. He is passionate about Web Application security where he has focused most of his research. Muñoz has presented at many Security conferences including BlackHat, DEFCON, RSA, OWASP AppSec EU and US, JavaOne, etc, and holds several infosec certifications, including OSCP, GWAPT, and CISSP.
Hosts
