OWASP Boston March 2022 Meetup - Virtual Attendance

Mar 16, 2022 · Cambridge, United States of America

This month OWASP Boston will be welcoming Jonathan Leitschuh (https://www.linkedin.com/in/jonathan-leitschuh-94553661/) to share his experience fixing OSS vulnerabilities.

Fixing OSS Security Vulnerabilities at Scale with CodeQL!

You know what's cooler than finding one vulnerability? Finding thousands of vulnerabilities all at once! You know what's even cooler than that? Fixing them all at once!

Through the power of your good code you can find other people's bad code and make the world a safer place. Be the darling of bug bounty managers and the envy of security researchers.

We'll introduce the three solutions that powered this massive fix: CodeQL, GitHub's code query language that finds security vulnerability patterns at scale; OpenRewrite, a style-preserving refactoring tool used at Netflix that applies the fixes to the problems you found; and a custom-built bot for generating these thousands of pull requests.

This talk will take you on a journey through what it means to be an "Open Source Security Researcher" and how CodeQL + Rewrite are serious game changers compared with the solutions that existed before.

Jonathan Leitschuh is a Software Engineer and Security Researcher. He was awarded the first-ever [Dan Kaminsky Fellowship](https://www.humansecurity.com/blog/the-dan-kaminsky-fellowship-finding-and-funding-hacker-firefighters). His research focuses on Open Source Software (OSS), build infrastructure, and software supply chain security. He's best known for his July 2019 bombshell Zoom 0-day vulnerability disclosure. He also championed an industry-wide initiative to get all major artifact servers in the JVM ecosystem to formally decommission support for HTTP in favor of HTTPS only. To date he has the most GitHub Security Advisory credits to his name of any OSS contributor on GitHub.

Twitter Handle: @JLLeitschuh

Event organizers
  • OWASP Open Web Application Security Project Boston

    The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Everyone is free to participate in OWASP, and all of our materials are available under a free and open software license. You'll find everything about OWASP here on, or linked from, our wiki.