Widespread in software industry, open source software (OSS) facilitates rapid solution development by incorporating pre-built components built and maintained by external developers. Although the utilization of OSS has undeniable advantages, the detection of security vulnerabilities within these components can result in severe consequences. The expanding scale and intricacy of the OSS ecosystem pose specific challenges: How can one ensure the reliability of the OSS employed for critical operations? How can security risks be mitigated in a DevOps environment that prioritizes speed? When should I reinvent the wheel?

In this talk, we will describe lessons learned using OSS software in the core of an organization and explore best practices to make sure we can reliably use open source software without compromising our security.