Explore strategies for mitigating open source software vulnerabilities in this 32-minute conference talk by Andrew Martin from ControlPlane and Michael Lieberman from Kusari. Delve into the current state of open source security, examining why it's no longer trusted by default due to supply chain attacks and vulnerabilities. Discover a range of tools and techniques to defend against these threats, including SBOM analysis, source code examination, open source ingestion techniques, and signing. Learn about assured open source programs, traditional defense-in-depth measures, and emerging security controls. Gain insights into the safety of open source software from GitHub and package managers, the importance of SBOMs throughout the software lifecycle, incident response using open source security tools, and designing systems beyond zero trust for compromise resilience and assumed breach scenarios.