28 Sep 2022
Best Practices Make Perfect! How the OSSF is Improving Secure Development Education - Marta Rybczynska, Founder, Syslinbit & Christopher 'CRob' Robinson, Intel Corporation
Open source projects come in different shapes and colors. They also face different security challenges. However, there are good practices that improve the security of every single project. Marta and CRob will walk the audience through some of the initiatives from the OpenSSF Best Practices group:
- Scorecards and Best Practices badge that allow evaluation of each project
- documents projects can refer to
- a training on developing secure software
---
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.
Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/
- 3 participants
- 27 minutes
28 Sep 2022
Deep Dive into the OpenSSF Mobilization Plan - Brian Behlendorf, OpenSSF
- 1 participant
- 35 minutes
28 Sep 2022
Developer Security Essentials - Liran Tal
- 2 participants
- 25 minutes
28 Sep 2022
Finding LibRaska: The Open Source Library that Props up our Infrastructure: Julia Ferraioli, Open Source Technical Leader, Cisco & Amir Montazery, Chief Operating Officer, Open Source Technology Improvement Fund (OSTIF)
Little-known or non-obvious packages often play an outsized role in critical infrastructure, sometimes taking down large ecosystems as a result. Amir, Caleb and Julia will discuss the challenges of finding these projects and how to support them.
- 2 participants
- 18 minutes
28 Sep 2022
Fireside Chat - Brian Behlendorf, OSSF & Jamie Thomas, IBM
- 3 participants
- 28 minutes
28 Sep 2022
How’s your Supply Chain with your insecure OSS ingestion? - James Holland, Citi
- 2 participants
- 27 minutes
28 Sep 2022
Improving Global Software Supply Chain Security with Alpha-Omega - Michael Scovetta, Principal Security PM Manager & Michael Winser, Product Manager, Google
The Alpha-Omega Project provides resources and a framework to improve the security posture of the supply chain by focusing on the most critical (Alpha) and the long-tail of open source projects. This talk will share early insights from this new program at OpenSSF.
- 3 participants
- 19 minutes
28 Sep 2022
Keynote: Nithya Ruff, Head, Open Source Program Office, Amazon
- 1 participant
- 21 minutes
28 Sep 2022
SBOM Everywhere - Kate Stewart, Vice President of Dependable Embedded Systems, Linux Foundation
- 3 participants
- 21 minutes
28 Sep 2022
Sigstore: Using Transparent Digital Signatures to Help Secure the Software Supply Chain: Bob Callaway, Tech Lead & Manager, Google Open Source Security Team, Google
- 1 participant
- 27 minutes
28 Sep 2022
What is OpenSSF? - Brian Behlendorf, General Manager, OpenSSF
- 1 participant
- 17 minutes
27 Sep 2022
Keynote: Welcome & Opening Remarks - Christopher 'CRob' Robinson, Director of Security Communications, Product Assurance & Security, Intel
- 1 participant
- 7 minutes