Uncover valuable insights into how GitHub secures the open-source software we all depend on, with real-world examples from the GitHub Security Lab, which uncovered 1,000+ vulnerabilities and was credited with 700+ CVEs over four years. Securing open-source software is critical because it underpins much of today’s digital infrastructure, and vulnerabilities in widely used components can create significant risks across entire software ecosystems.

This session will provide the latest updates on how GitHub enhances various elements of the Secure Software Development Life Cycle (SSDLC), leveraging the driving forces of Artificial Intelligence (AI), Developer Experience (DevEx), and community collaboration to secure open source. We will explore best practices in software security, including code scanning, secrets hygiene, dependency management, automation, and enhancing security awareness through gamification. The audience will gain a deep understanding of industry-leading initiatives and lessons learned from our experience in today's rapidly changing landscape.

Target audience are developers interested in software security and want to understand how GitHub uses GitHub to build GitHub securely and how we secure the open source software we all depend on.