Open-Source Software (OSS) Risk Assessment with Najib

Scheduling conflict? No-show? Cancel session & get your money back instantly.
73 minutes
Reserve up to 73 minutes for your session.
Instant Schedule
You'll be able to pick a time that suits you right after booking.
About this Session
This session is designed for security engineers, developers, and compliance officers who want to assess and manage the risks of using open-source components in their applications.
We'll walk through:
- Identifying high-risk OSS components in your codebase
- Using SCA tools (e.g., BlackDuck, OWASP Dependency-Check) to assess CVEs and license issues
- Mapping OSS use to SBOM and compliance frameworks (e.g., ISO 5230, EU CRA)
- Prioritizing remediation based on exploitability, reachability, and business impact
- Creating governance policies for OSS adoption in CI/CD
You'll leave this session with a practical understanding of how to evaluate and manage open-source risk in real projects—whether for internal security, regulatory compliance, or customer assurance.
Your mentor
I’m Najib Radzuan, a DevOps/DevSecOps Architect with over 16 years of hands-on experience helping individuals and organizations adopt secure and scalable engineering practices. I’ve served in diverse roles—from developer to DevOps engineer to solution manager—across cloud and on-prem environments.
My passion lies in mentoring professionals in career transformation, especially those transitioning into DevOps and DevSecOps roles. I provide practical, real-time guidance in CI/CD, infrastructure as code, and secure software delivery.
I’m well-versed in tools and platforms like Azure, AWS, Alibaba Cloud, Terraform, Ansible, and Git-based automation. Whether you're building your first pipeline or need enterprise-level architecture advice, I’m here to help you upskill, gain confidence, and succeed.
Let’s bridge the gap between where you are and where you want to be in your DevSecOps journey.