Lightning Talk: Where Should Source Attestations Live? Exploring Storage Strategies - Billy Lynch

Presenters: Billy Lynch · Source: OpenSource SecurityCon NA 2025

Where Do Your Source Attestations Live? Navigating the Labyrinth of Metadata 🗺️ Hey tech enthusiasts! Ever felt like you’re drowning in a sea of metadata, wondering where exactly to stash those crucial source attestations? You’re not alone! At a recent lightning talk, Billy Lynch from Chainguard dove deep into this very question, exploring strategies for storing and discovering these vital pieces of information. Let’s break down the key takeaways and ponder the future of source attestation storage. 💡 ...

November 24, 2025 · 5 min

OSPS Baseline: Improving Your Project Security the Easy Way - Ben Cotton, Kusari

Presenters: Ben Cotton · Source: OpenSource SecurityCon NA 2025

Level Up Your Open Source Security: The OpenSSF Project Security Baseline Explained 🚀 Hey tech enthusiasts! 👋 Ever felt a little overwhelmed by the sheer volume of security advice out there for open source projects? You’re not alone! The good news is, there’s a fantastic initiative making it easier than ever for maintainers to bolster their project’s security, even without a dedicated security team. Let’s dive into the OpenSSF Project Security Baseline and see how it’s revolutionizing open source security hygiene. ...

November 24, 2025 · 4 min

Transparency Exchange API: Where To Find Product SBOM? - Pavel Shukhman, Reliza

Presenters: Pavel Shukhman · Source: OpenSource SecurityCon NA 2025

Demystifying the Software Supply Chain: Your Guide to the Transparency Exchange API 🚀 Ever felt like you’re playing a guessing game when it comes to the “ingredients” in your software? You’re not alone! In today’s complex digital world, understanding what goes into our products isn’t just good practice; it’s becoming a necessity, especially with new regulations like the EU CRA on the horizon. This is where the revolutionary Transparency Exchange API (TX API) steps in, promising to transform how we manage and share Software Bills of Materials (SBOMs). ...

November 24, 2025 · 5 min

Achieving Positive Outcomes Across Ecosystems: Security Audits in Action - Amir Montazery

Presenters: Amir Montazery · Source: OpenSource SecurityCon NA 2025

Fortifying the Digital Frontier: A Decade of Open-Source Security Audits 🛡️✨ Open-source software is the bedrock of our digital world, powering everything from your favorite apps to critical infrastructure. But with great power comes great responsibility, especially when it comes to security. Amir Montazery, Managing Director of the Open Source Technology Improvement Fund (OSTIF), recently shared invaluable insights into how we can collectively bolster the security of these essential projects. Celebrating its 10th anniversary, OSTIF is at the forefront of this crucial mission, and its work with the Cloud Native Computing Foundation (CNCF) is a shining example of what can be achieved through dedicated collaboration. ...

November 24, 2025 · 4 min

Lightning Talk: AIxCC Results and New Open Source AI Projects To Help Secure Open Sou... Jeff Diecks

Presenters: Jeff Diecks · Source: OpenSource SecurityCon NA 2025

AI Cyber Challenge: Revolutionizing Open Source Security with Intelligent Automation 🚀 The world of open-source software is the backbone of our digital infrastructure, but it’s also a prime target for cyber threats. For years, the challenge has been not just finding vulnerabilities, but fixing them efficiently. Enter the AI Cyber Challenge (AIxCC), a groundbreaking initiative that brought together cutting-edge AI and the open-source community to tackle this critical problem head-on. ...

November 24, 2025 · 5 min