GitHub / GitHub Universe 2022 - Security

These are all the meetings we have in "GitHub Universe 2022…" (part of the organization "GitHub"). Click into individual meeting pages to watch the recording and search or read the transcript.

21 Nov 2022

Presented by: Justin Watts

This talk will cover how TELUS reduced security threats and incidents overnight with GitHub Advanced Security.

As always, feel free to leave us a comment below and don't forget to subscribe: http://bit.ly/subgithub

Thanks!

Connect with us.
Facebook: http://fb.com/github
Twitter: http://twitter.com/github
LinkedIn: http://linkedin.com/company/github

About GitHub
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Millions of people use GitHub to build amazing things together. For more info, go to http://github.com
  • 1 participant
  • 14 minutes
developers
telus
workflow
motivating
job
functionality
logistical
platforms
foreign
innovation

21 Nov 2022

This panel is tackling one of the thorniest problems in open source: how to make vulnerability reporting simple, secret, and stress-free. Learn about the complex—and sometimes confrontational—relationship between security researchers and the OSS community, and new ways to streamline the reporting process.

  • 13 participants
  • 36 minutes
vulnerability
security
github
panelists
contributor
hacker
reportings
collaboration
host
hi

21 Nov 2022

Presented by: Dan Shanahan

Developers face an ever-increasing demand to quickly deliver secure, high-quality software. In this session, we’ll explore the future of cloud-native secure software development tools which remove friction and increase developer productivity. We’ll demonstrate GitHub products and features such as Codespaces, GitHub Advanced Security (GHAS), and Actions, which help developers receive feedback quicker and deliver higher-quality, more secure software.

  • 1 participant
  • 12 minutes
developer
security
devs
workflow
software
productive
concerns
github
capabilities
services

21 Nov 2022

Presented by: Zach Steindler

Security can be a daunting topic. From user accounts to code security and building security, this session will give administrators of GitHub organizations, small or large, concrete next steps to improve the security of their software development process.

  • 1 participant
  • 6 minutes
security
secure
securing
authentication
passwords
hackers
2fa
ssh
slsa
git

21 Nov 2022

Presented by: Tony Torralba

When adding analysis support for a new language in a SAST tool, the best way to verify that it works properly is by using it on real projects and finding real vulnerabilities. This talk will cover how Tony and team did just that for the Kotlin language in GitHub code scanning and how the team uncovered vulnerabilities in five popular open source Android projects. Tony will explain the details of each vulnerability, how the team modeled them as CodeQL queries, and how the team helped the maintainers to fix the issues.

  • 1 participant
  • 25 minutes
vulnerabilities
scanning
testing
codeql
security
repository
apps
exploitable
github
implementation

21 Nov 2022

Presented by: Calum Hall

GitHub has an obligation to the development community to ensure that they protect their employees and internal systems from threat actors across the globe. A core part of that is ensuring that GitHub is prepared to detect and respond to malicious behaviour targeting the company’s environment. This talk discusses the key detection principles that lead GitHub’s threat detection efforts, as well as how the company combats some of the toughest challenges that GitHub, amongst many others, faces in the industry today.

  • 1 participant
  • 21 minutes
security
github
threats
concern
responders
conversations
intelligent
detections
teamwork
hi

21 Nov 2022

One of the best parts about working at GitHub is using GitHub to build GitHub, and not only for software development. GitHub is central to how the GitHub Security team drives and delivers secure operations, infrastructure, and products. In this session, Greg Ose will walk through how GitHub uses the platform to enable security workflows that bring the expertise and processes GitHub needs to manage security risk to where GitHub engineers and partners across the business work.

  • 5 participants
  • 30 minutes
security
github
git
securing
manage
access
oversight
issued
repository
concerns

21 Nov 2022

Presented by: Hauwa Otori

  • 1 participant
  • 10 minutes
vulnerability
security
disclosing
stakeholders
collaboration
communication
github
developer
public
interpersonal

21 Nov 2022

Presented by: Stephanie Moorhead, Babitha Singh, & Justin Trugman

As developers, we are often tasked with creating applications that are secure and compliant with industry standards. However, this can often be a daunting task, especially if we are not familiar with security tools. Join Steph Moorhead and two DevOps leaders from Caregility, Justin Trugman and Babitha Singh, to discuss how they implemented DevSecOps best practices into their development lifecycle, and empowered their developer teams to own security, improve productivity, and focus on doing their best work.

  • 3 participants
  • 15 minutes
devsecops
devsecop
devsec
devops
dev
developer
caragility
security
important
github

21 Nov 2022

Presented by: Kelly Arwine

Discover how security overview can help you manage your enterprise security risk. This session will teach you how to use the security tab to help you roll out security features across your enterprise, assess your level of risk, and manage your software security posture. We’re also giving you a sneak peek into some new security overview functionality coming your way.

  • 1 participant
  • 14 minutes
security
github
repository
access
functionality
overview
software
workflow
manage
peek

21 Nov 2022

Remember the days of security halting your release? Or when fixing results took months? Today, GitHub code scanning is defining the next paradigm for secure software development with testing in your workflow that you actually want to use. Join us for a fireside chat with some of the team behind GitHub code scanning to learn about how it evolved, how you can get more out of your security testing, and what’s coming next.

  • 2 participants
  • 13 minutes
sas
security
codeql
chabot
software
repository
code
curiosity
testing
static

21 Nov 2022

Presented by: Leonid Stolyarov

In order to reduce friction between developers and security teams, it’s helpful to think of security as a product that serves developers, and not just a set of policies or series of tasks to be completed after a project has already shipped. In this session, Leonid Stolyarov, Engineering Director at KPMG, will discuss how the enterprise organization turned security into a product by embracing tools like GitHub Advanced Security and GitHub Actions to automate compliance and surface vulnerabilities earlier in the process, before they are shipped into production.

  • 1 participant
  • 11 minutes
kpmg
developer
safeguarding
professionals
management
engineers
diligence
automation
compliance
innovating

21 Nov 2022

Presented by: Courtney Claessens

Seems like every security team is talking about Software Bills of Materials (SBOMs) lately. SBOMs create an inventory of your software components and are a new requirement for many organizations. Beyond checking a compliance box, though, they provide data that helps to assess, minimize, and remediate your software’s risk. This session gives an overview of SBOMs and how they can be used in your security practice for your GitHub projects, so you can more confidently consume open source.

  • 1 participant
  • 9 minutes
security
secure
dependencies
packages
software
deploying
repository
utility
vulnerabilities
consume

21 Nov 2022

Hundreds of thousands of human hours are invested every year in finding common security vulnerabilities with relatively simple fixes. These vulnerabilities aren’t sexy, cool, or new; we’ve known about them for years, but they’re everywhere! The scale of GitHub and tools like CodeQL enable one to scan for vulnerabilities across hundreds of thousands of OSS projects, but the challenge is how to scale the triaging, reporting, and fixing. In this session, Jonathan Leitschuh will cover a highly scalable solution for fixing vulnerabilities: automated bulk pull request generation. Jonathan will discuss the practical applications of this technique on real-world OSS projects. He will also cover technologies like CodeQL & OpenRewrite (a style-preserving refactoring tool created at Netflix and now developed by Moderne).

  • 1 participant
  • 29 minutes
security
https
vulnerability
vulnerabilities
github
untrusted
compromised
repository
software
important

21 Nov 2022

Presented by: Myles Borins

The npm registry is the heart of the JavaScript ecosystem. Hear about the steps that GitHub has taken to secure this important part of the software supply chain, from enforcing software solutions, such as automated malware scanning, to policy, including enforcing two-factor authentication for high-impact packages. This talk will cover what GitHub has shipped to respond to an increase in threats to the company’s ecosystem and what GitHub is working on next.

  • 1 participant
  • 28 minutes
threats
malware
npm9
malicious
hijacked
compromised
security
manage
takedowns
authentication

21 Nov 2022

The era of hybrid work has accelerated the move toward the cloud to run day-to-day operations in global businesses. Because of that, CISOs are more focused than ever on hybrid and cloud development systems as critical points to defend their organizations and their software products. In many cases, security teams are rapidly modernizing the security models for these systems, applying concepts like zero trust to software development and build systems, and more. In this session, GitHub CSO and SVP of Engineering, Mike Hanley, will be joined by a panel of CISOs for a security conversation focused on areas like:

  • How security has changed as organizations move from remote to hybrid work models, and methods used to secure development systems as the software supply chain evolves in a hybrid world.
  • How to think about zero trust in the context of securing hybrid development systems and critical strategies to secure your organization.
  • How to build a cross-organizational incident response team and program that leads to productive communication channels to swiftly handle incidents.

  • 4 participants
  • 41 minutes
security
panelists
trust
authentication
collaboration
github
vp
introductions
companies
hosted

21 Nov 2022

Presented by: Mariam Sulakian

Secrets leak every day. Hundreds of them. These credentials, which can be left anywhere software is built, expose individuals and entire organizations to malicious attacks. To tackle the critical security threat proactively, it’ll take an industry movement. This session walks through how developers, security teams, and credential issuers can help secure the world's code and eliminate credential-based breaches. Together.

  • 1 participant
  • 21 minutes
secrets
secret
security
compromised
leaked
breaches
hackers
passwords
trust
git

21 Nov 2022

Presented by: Nick Liffen

Let’s discuss why modern software needs processes and tooling to be developers-first. Nick will explain why security is becoming essential and why just shifting your security tooling left won’t cut it for your developers. Nick will dive into some of the data and tools at hand, which can help push your developers to be more aware of security, and truly treat it as a first-class citizen of the software development lifecycle.

  • 1 participant
  • 24 minutes
dev
developer
shifting
development
security
presentation
introduce
conversation
ahead
responsibility

21 Nov 2022

Find out what’s new in GitHub’s security products as we continue to build security into the developer workflow. We’ll make a major announcement in our supply chain security area, demonstrate the power of CodeQL for finding new vulnerabilities, and show how GitHub is helping security teams work with developers.

  • 5 participants
  • 33 minutes
security
vulnerability
secure
threats
vulnerabilities
github
protection
software
important
vpa