Presentation: Securing Software From the Supply Side

Track: Software Supply Chain

Location: Seacliff ABC

Duration: 11:50am - 12:40pm

Day of week:

Slides: Download Slides

This presentation is now available to view on

Watch video with transcript


In 2019, almost all software is built on open-source. From beginners’ hack projects, to mission-critical software built by huge enterprises, we’re all standing on the shoulders of giants. But this also means that we’re all inviting a huge crowd of people we’ll never even meet to contribute code into our codebases, and we’re only beginning to grapple with the implications of that and how to do it safely.  

At GitHub, we’re building towards a future where it’s easy for Open Source maintainers to keep their users safe and easy for Open Source consumers to understand and use third party code with confidence. In this talk, we’ll follow a vulnerable package from initial report of a vulnerability, through the process of resolution and publishing a new package, and finishing with updating your codebase to use the fixed version, with demos along the way. You’ll learn about the tools GitHub provides Open Source maintainers to improve the safety and security of the software supply chain at the source and how you can leverage their work to make your own codebase more secure.

Speaker: Nickolas Means

Senior Engineering Manager @GitHub

I'm an experienced technology leader with over a decade of experience delivering mission critical web applications and building highly-engaged, effective distributed engineering teams. I love finding awesome people and giving them the space they need to do amazing things together.

Find Nickolas Means at