Articles / Presentations

 

I wrote the chapter on Open Source Security and Compliance for the O’Reilly Book “97 Things Every Information Security Professional Should Know”
https://www.oreilly.com/library/view/97-things-every/9781098101381

Best Practices and Pitfalls for Using Open Source Components in Fintech (Snyk webinar)
https://go.snyk.io/open-source-security-fintech.html

Open source in FSI: more leverage, less risk (warning Pandemic Haircut!!!)
https://stacresearch.com/GSL-Spring2021-open-source-fsi

“Just Enough Open Source: A kick start on security, license compliance, and business model” – Open Source 101 Conference, March 30 2021
https://www.youtube.com/watch?v=2RLUIDcdRrQ

Open Source Licensing: Types, Strategies and Compliance (All Things Open 2020)
https://www.youtube.com/watch?v=GGabCyCbTVU

The last 15 years of OSS compliance, current trends and the future (Open Core Summit 2020)
https://www.coss.community/cossc/ocs-2020-breakout-jeff-luszcz-o3g

Openchain: 15 Years in Open Source Compliance
https://www.slideshare.net/ShaneCoughlan3/jeff-luszcz-on-open-source-compliance

ITProPortal: How to measure readiness for OSS vulnerabilities
https://www.itproportal.com/features/how-to-measure-readiness-for-oss-vulnerabilities/

The State of Open Source Software (OSS): 2016 Year in Review
https://www.youtube.com/watch?v=gdBsVXF9_0s

2015 Year in Review The State of Open Source Software (OSS)
https://www.youtube.com/watch?v=Y16iPV-eN0s

financialit: OSS Compliance in Banking and Finance
https://financialit.net/blog/oss-compliance-banking-and-finance

OSSF 2018 – Jeff Luszcz of Flexera – Common Open Source Intake Issues and How to Resolve Them
https://www.slideshare.net/finosfoundation/ossf-2018-jeff-luszcz-of-flexera-common-open-source-intake-issues-and-how-to-resolve-them

OSSF 2018 – Jeff Luszcz of Flexera – Day 2 – Open Source Culture, Standards, Risks, and Remediation: A Deep Dive
https://www.slideshare.net/finosfoundation/ossf-2018-jeff-luszcz-of-flexera-day-2-open-source-culture-standards-risks-and-remediation-a-deep-dive

Automotive World: Understanding Open Source Software and automotive safety certifications
https://vimeo.com/291532016

ITProPortal: OSS and third-party security risk: Lessons for IoT businesses
https://www.itproportal.com/features/oss-and-third-party-security-risk-lessons-for-iot-businesses/

Linuxfest Northwest 2016: Securing Zombie code in your software
https://codeandtalk.com/v/linuxfest-northwest-2016/linuxfest-northwest-2016-securing-zombie-code-in-your-software

Linuxfest Northwest 2016: You’re Using Open Source, but are you respecting it?
https://codeandtalk.com/v/linuxfest-northwest-2016/linuxfest-northwest-2016-youre-using-open-source-but-are-you-respecting-it

Americas Business: Software CEO’s Unfamiliarity with Open Source and Third-party Use Places Banking and Financial Sector Businesses at Risk
https://www.paymentsjournal.com/software-ceos-unfamiliarity-with-open-source-and-third-party-use-places-banking-and-financial-sector-businesses-at-risk/

Global Banking and Finance Review Magazine: Software CEO’s Unfamiliarity with Open Source and Third-party Use Places Banking and Financial Sector Businesses at Risk
https://issuu.com/globalbankingandfinancereview/docs/forissuu/138

DZone: Think Open-Source Software Is Free? Think Again…
Take control of the OSS in your product infrastructure and learn how to be a responsible user of open source software.
https://dzone.com/articles/think-open-source-software-is-free-think-again

Network Security Newsletter: Apache Struts 2: how technical and development gaps caused the Equifax Breach
https://digpath.co.uk/wp-content/uploads/2018/04/NESE_2018-01_Jan.pdf

Five steps to managing Open Source Software vulnerability and license management
https://digitalisationworld.com/blogs/51141/five-steps-to-managing-open-source-software-vulnerability-and-license-management

Open Source Adoption in Enterprises – The Risks, and How to Mitigate
https://www.brighttalk.com/webcast/6245/245823/open-source-adoption-in-enterprises-the-risks-and-how-to-mitigate

Open Source Strategy Forum: Managing the Software Supply Chain Policies that Promote Innovation While Optimizing Security and Compliance
https://opensourcestrategyforum.org/wp-content/uploads/2017/11/OpenSourceStrategyForum2017-Luszcz-SupplyChain.pdf

DZone: Open Source Lessons for IoT Companies
https://dzone.com/articles/open-source-lessons-for-iot-companies

ITProPortal: Hackers “strut” in again at Equifax… What stopped the patch?
https://www.itproportal.com/features/hackers-strut-in-again-at-equifax-what-stopped-the-patch/

IDG Connect: The business rationale for an open source software internal audit
https://www.idgconnect.com/idgconnect/opinion/1029255/business-rationale-source-software-internal-audit

CLE Credit from The Knowledge Group: Open Source Software & the Technical Due Diligence Process
https://www.theknowledgegroup.org/webcasts/open-source-software/

Creating An Environment for “Continuous Compliance” within Open Source Software (with Martin Callinan)
https://www.truthinit.com/index.php/video/1815/creating-an-environment-for-continuous-compliance-within-open-source-software/

Software Testing News: Why should we care about cutting and pasting open source code?
https://www.softwaretestingnews.co.uk/why-should-we-care-about-cutting-and-pasting-open-source-code/

There’s A New Struts 2 Vulnerability, Take Heed
https://www.informationsecuritybuzz.com/articles/theres-a-new-struts/

DZone: Helping Make Open Source Secure, Compliant, and Sustainable With Jeff Luszcz of Flexera [Audio]
https://dzone.com/articles/helping-make-open-source-secure-compliant-and-sust?fromrel=true

2018-06 Open Source Software – Implications for Internal Audit
https://chapters.theiia.org/san-jose/Events/Pages/2018-06—Open-Source-Software—Implications-for-Internal-Audit.aspx

DZone: A Conversation With Jeff Luszcz
https://dzone.com/articles/a-conversation-with-jeff-luszcz

Webinar: Don’t Let Hackers Breach Your Data – Lessons learned from Apache Struts2, Heartbleed and Wannacry
https://www.flexera.com/blog/application-readiness/2017/10/dont-let-hackers-breach-your-data-leasons-learned-from-apache-struts2-heartbleed-and-wannacry/

Ignoring Open Source Components is Making Security Software Insecure
https://www.itsecurityguru.org/2017/01/05/ignoring-open-source-components-making-security-software-insecure