Dirty Dancing - Untrustworthy SLSA Build Provenance - John Kjell, ControlPlane

Presenters: John Kjell · Source: OpenSource SecurityCon NA 2025

Building Trust: Beyond Basic Provenance in Your Software Supply Chain 🚀 In today’s interconnected world, the security of our software supply chain is paramount. We rely on a complex web of dependencies, tools, and build processes, and a single weak link can have devastating consequences. This is why understanding and strengthening build provenance verification is no longer a nice-to-have, but an absolute necessity. We recently had the privilege of diving deep into this critical area with John Kjell, a seasoned consultant at ControlPlane and an active open-source maintainer, as he shed light on the nuances of the Supply-chain Levels for Software Artifacts (SLSA) framework and, more importantly, how to go beyond its standard attestations. ...

November 24, 2025 · 5 min

OSCAL in Action: Real World Examples of Automating Policy & Comp... Jennifer Power & Hannah Braswell

Presenters: Jennifer Power, Hannah Braswell · Source: OpenSource SecurityCon NA 2025

From Paperwork Nightmare to Automated Compliance: Unlocking Security with OSCAL 🚀 Tired of drowning in compliance documentation? Feeling the pain of manual checks and fragmented data that make maintaining a strong security posture feel like an impossible mission? You’re not alone! Jen Power and Hannah Braswell from Red Hat recently took the stage to unveil a revolutionary approach to policy and compliance automation, and it’s all powered by OSCAL. Get ready to ditch the spreadsheets and embrace a future of traceable, automated security. ✨ ...

November 24, 2025 · 6 min

Panel: Turn Down That Noise: Why the OpenSSF Security Baseline Is Good for Maintainers

Presenters: Christopher Robinson, Jennifer Power, Ben Cotton, Stephen Augustus, Evan Anderson · Source: OpenSource SecurityCon NA 2025

Level Up Your Open Source Security: The OpenSSF Security Baseline Explained 🚀 Ever felt like you’re drowning in security checklists and constant requests for information from downstream users? You’re not alone! The world of open-source development is fantastic, but keeping up with security demands can feel like a monumental task. That’s where the OpenSSF Security Baseline comes in, offering a clear, accessible path to fortify your projects and reduce that ever-present burden. ...

November 24, 2025 · 5 min

Driving Policy To Secure the Open Source Ecosystem - Jack Cable, Corridor

Presenters: Jack Cable · Source: OpenSource SecurityCon NA 2025

Securing the Digital Foundation: How Policy and AI are Reshaping Open Source Security 🚀 Hey tech enthusiasts! Ever stopped to think about the invisible scaffolding that holds up so much of our digital world? That’s right, we’re talking about open-source software (OSS). And as the digital landscape evolves at lightning speed, so too must our approach to securing this vital foundation. Jack Cable, co-founder and CEO of Corridor, recently shared some fascinating insights on how government policy and the rise of AI are dramatically changing the game for OSS security. Let’s dive in! 🌊 ...

November 24, 2025 · 5 min

How Secure Is Academic Open Source? Insights From the UC OSPO Network - Juanita Gomez

Presenters: Juanita Gomez · Source: OpenSource SecurityCon NA 2025

Unveiling the Security Secrets of Academic Open Source 🛡️: A Deep Dive into UC System Projects Ever wondered about the security of the open source projects born from our academic institutions? Juanita, a PhD candidate at UC Santa Cruz and a dedicated Python community member, recently pulled back the curtain on the open source landscape within the University of California (UC) system. Her groundbreaking research reveals a picture that’s both fascinating and, frankly, a little concerning when it comes to security best practices. Let’s dive into what she discovered! 🚀 ...

November 24, 2025 · 6 min