Using Open Source? Fasten Your Seatbelt!

Amy Zwarico
Randy Stricklin
The AT&T Chief Security Office (CSO) is driving the safe use of open source in its mobility and broadband networks. CSO has taken the wheel in several communities to help keep the most strategic open source code protected and security vulnerabilities out of AT&T’s critical infrastructure. But there’s lots of good, useful open source that is not within our scope to help protect. In this talk we’ll explore what makes good open source, how to test the security of the code before it gets into your run-time, and how to maintain the security of the open source running in your business environment. Kick the tires and learn about CSO’s work with the O-RAN Alliance, ONAP and Akraino: how we’re working to make Open RAN and ONAP secure by design, and how we’ve rolled up our sleeves in ONAP, ORAN-SC and Akraino to support secure software development practices through automated vulnerability testing on code and containers. Hear how to use software signing and software bills of materials. Finally, see first-hand results of adopting the industry best practice of mean time to upgrade (MTTU) to help dramatically reduce software vulnerabilities in your run-time environment.