Explore the challenges and vulnerabilities of open source security in this comprehensive talk from the Hack In The Box Security Conference. Delve into Fermin J. Serna's insights on code quality, security practices, and the findings of the Semmle Security Research Team's three-month triage of open source CVEs. Learn about the use of QL for variant analysis and discover specific case studies, including the u-boot research. Gain valuable knowledge from Serna's extensive experience as a security expert, including his roles at Google, Microsoft, and as CSO at Semmle. Examine topics such as backdoors, package managers, Linux kernel buffer overflows, and WiFi framing vulnerabilities. Enhance your understanding of open source security challenges and solutions through this informative presentation.