March 18-20, 2025
Napa, California


IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Wednesday March 19, 2025 2:45pm - 3:15pm PDT
Despite the availability of fixes for well-known vulnerabilities, open source software remains a significant target for attackers. In fact, three years after the infamous Log4j vulnerability, 13% of its downloads are still vulnerable. Even more concerning, 95% of vulnerable components downloaded today have a fixed version available.

In this session, Brian Fox (Sonatype), Christopher Robinson (OpenSSF), and Madison Oliver (GitHub) will explore these stark realities of open source vulnerabilities. The speakers will discuss why these vulnerabilities persist and how outdated or vulnerable components can slip through the cracks. Drawing from years of industry expertise, they will outline real-world remediation strategies and actionable best practices for mitigating open source risks.

Attendees will learn how to accelerate the adoption of secure components, integrate automated tools, and foster collaboration in the open source community to protect their software supply chain. Whether you’re a developer, security professional, or business leader, this session will equip you with the insights needed to secure your open source dependencies and strengthen your organization's resilience.
Speakers

Christopher "CRob" Robinson

Security Lorax, OpenSSF
Christopher Robinson (aka CRob) is the Chief Security Architect for the Open Source Security Foundation. With over 25 years of Enterprise-class engineering, architectural, operational and leadership experience, CRob has worked at several Fortune 500 companies with experience in the...

Brian Fox

Co-founder and CTO, Sonatype
Co-founder and CTO, Brian Fox is an OpenSSF Governing Board member, a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin, he has over...

Madison Oliver

Senior Security Manager, Advisory Database Curation, GitHub
Madison Oliver, vulnerability transparency advocate and senior security manager at GitHub, leads the advisory database team. Passionate about vulnerability reporting, response and disclosure, she co-chairs the relevant OpenSSF working group and serves on the CVE Program Board. Previously...
Silverado East
