1. Introduction
2. Agenda
3. What is Threat Modeling
4. Why should we do Threat Modeling
5. Threat Modeling 101
6. Threat Modeling in the Beginning
7. Advanced Threat Modeling
8. Known vs unknown vulnerabilities
9. Setting clear objectives
10. Understanding how the application works
11. What can go wrong
12. CWE
13. OSS Top 10
14. STRIDE
15. Verification
16. Supply Chain Attacks
17. What is Supply Chain Attack
18. Outdated Libraries
19. You are not the target
20. OpenSSL
21. Informationally
22. Legacy code
23. Automatic tools
24. Mitigation
25. Problems with security products
26. Summary
Description:
Explore the art of identifying attack surfaces and securing open source code through threat modeling in this 37-minute conference talk by Aviv Sasson and Daniel Prizmant from Palo Alto Networks. Discover the importance and benefits of threat modeling for open source projects, and learn how attackers utilize this technique to find vulnerabilities. Dive into the technicalities of the threat modeling process, including setting clear objectives, understanding application functionality, and identifying potential vulnerabilities using frameworks like CWE and STRIDE. Gain insights from real-world examples of vulnerabilities found in major open source projects, and understand the challenges of supply chain attacks, outdated libraries, and legacy code. Learn about mitigation strategies and the limitations of security products while acquiring practical knowledge to enhance the security of open source software.

Securing Open Source Through Threat Modeling

Linux Foundation