The original Security Development Lifecycle (SDL) was developed in a closed-source environment for software companies. Open Source development challenges many assumptions of the SDL, which is, as such, unsuitable in many use cases.
This presentation will talk about security in Open Source development throughout the whole lifecycle, focusing on:

* security training materials and their availability to Open Source developers
* specifics of auditing and the effectiveness of various forms and approaches (formal audit, hackathons, fuzzing, security testing)
* vulnerability research and development of mitigations and countermeasures