OpenSSF / OpenSSF Day Europe 2022

Best Practices Make Perfect! How the OSSF is Improving Secure Development Education - Marta Rybczynska, Founder, Syslinbit & Christopher 'CRob' Robinson, Intel Corporation

Open source projects come in different shapes and colors. They also face different security challenges. However, there are good practices that improve the security of every single project. Marta and CRob will walk the audience through some of the initiatives from the OpenSSF Best Practices group:
- Scorecards and Best Practices badge that allow evaluation of each project
- documents projects can refer to
- a training on developing secure software

---
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/

Deep Dive into the OpenSSF Mobilization Plan - Brian Behlendorf, OpenSSF

---
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/

Developer Security Essentials - Liran Tal

---
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/

Finding LibRaska: The Open Source Library that Props up our Infrastructure: Julia Ferraioli, Open Source Technical Leader, Cisco & Amir Montazery, Chief Operating Officer, Open Source Technology Improvement Fund (OSTIF)

Little-known or non-obvious packages often play an outsized role in critical infrastructure, sometimes taking down large ecosystems as a result. Amir, Caleb and Julia will discuss the challenges of finding these projects and how to support them.

---
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/

Fireside Chat - Brian Behlendorf, OSSF & Jamie Thomas, IBM

---
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/

How’s your Supply Chain with your insecure OSS ingestion? - James Holland, Citi

---
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/

Improving Global Software Supply Chain Security with Alpha-Omega - Michael Scovetta, Principal Security PM Manager & Michael Winser, Product Manager, Google

The Alpha-Omega Project provides resources and a framework to improve the security posture of the supply chain by focusing on the most critical (Alpha) and the long-tail of open source projects. This talk will share early insights from this new program at OpenSSF.

---
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/

Keynote: Nithya Ruff, Head, Open Source Program Office, Amazon

---
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/

SBOM Everywhere - Kate Stewart, Vice President of Dependable Embedded Systems, Linux Foundation

---
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/

Sigstore: Using Transparent Digital Signatures to Help Secure the Software Supply Chain: Bob Callaway, Tech Lead & Manager, Google Open Source Security Team, Google

---
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/

What is OpenSSF? - Brian Behlendorf, General Manager, OpenSSF

---
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/

Keynote: Welcome & Opening Remarks - Christopher 'CRob' Robinson, Director of Security Communications, Product Assurance & Security, Intel

----------
Open source software is pervasive in data centers, consumer devices, and applications. Securing open source supply chains requires a combination of automated tooling, best practices, education, and collaboration.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives. https://openssf.org/