OpenSSF / OpenSSF Day @ OSS Japan 2022

Activities in Japan along with 10 Streams of OSS Security Mobilization Plan - Muuhh Ikeda, Cybertrust

Compared to other industries such as automotive, cloud service providers in Japan, including Cybozu, who build their system without outsourcing are not so familiar with the terms such as Software Bill of Materials (SBOM) and Supply Chain because they usually do not need to share the list of software they use with other companies.
In this talk, the speaker will explain why the importance of SBOM Everywhere is still not so easy to understand in such a company. The talk will also include a brief discussion about the possibility of SBOMs being used in certification programs, such as ISMAP, and how to prepare for such a future.

Can SBOMs Everywhere Work in Japan? - Takuya Yoshikawa, Cybozu

Open Source Security and the OpenSSF’s Best Practices WG - David Wheeler, Linux Foundation

Software security is critical today, and that includes open source software (OSS). This talk will discuss some general principles involving software security and OSS, including supply chain security, as well as the Open Source Security Foundation (OpenSSF)'s best practices working group and the steps it is specifically taking to address these challenges.

Protecting Kubernetes Resource Manifests in End-to-end SDLC - Yuji Watanabe, IBM

Secure Software Supply Chain at IBM - Fumiko Satoh, IBM

Sigstore: Using Transparent Digital Signatures to Help Secure the Software Supply Chain - Bob Callaway, Google

What is the OpenSSF? - Brian Behlendorf, OpenSSF