Product Engineering

Presenters Madalin Neag Source OpenSource SecurityCon 2026 Navigating the Global Compliance Maze: How OpenSSF OSPO’s Baseline Simplifies Security for Open Source 🌐🛡️ The world of open source software is a vibrant, collaborative engine powering critical infrastructure across the globe. From finance and healthcare to transportation and energy, open source projects are the unsung heroes. But as these projects grow in importance, so does the scrutiny they face, particularly regarding security and compliance. Madalin Neag, an EU Policy Advisor at OpenSSF, sheds light on the increasingly complex regulatory landscape and introduces a powerful solution: the OpenSSF OSPO’s Baseline. ...

Presenters Thijs Ebbers Tadeo Sanchez Source OpenSource SecurityCon 2026 🛡️ Beyond Zero Trust: How ING Achieves Zero Breaches with Zero Privilege Architecture Imagine a world where production environments run autonomously, human error is designed out of the system, and security breaches simply don’t happen. For the team at ING, this isn’t a pipe dream—it is their daily reality. In a recent deep dive, Thijs Ebbers (Architect) and Tadeo Sanchez (Lead Engineer) shared the secrets behind their container hosting platform’s success. The numbers speak for themselves: zero security breaches and 100% uptime. 🚀 ...

Presenters Andrew McNamara Adolfo García Veytia Source OpenSource SecurityCon 2026 Level Up Your Software Supply Chain: Policy Engines for Attestations and Provenance 🚀 Hey tech enthusiasts! 👋 Ever feel like generating software attestations and provenance is the easy part, but actually using that valuable data feels like a black box? You’re not alone! Andrew McNamara from Red Hat and Adolfo García Veytia (aka “puerco”) from the Kubernetes release engineering team are here to demystify this crucial step. They’re showcasing how policy engines can transform your attestations and provenance into actionable, automated decisions for a more secure software supply chain. ...

Presenters Hannah Foxwell Justin Cormack Sal Kimmich Erika Heidi Josh Bressers Source OpenSource SecurityCon 2026 Navigating the Storm: Practical Strategies for Modern Supply Chain Security 🛡️ The digital landscape is a battlefield, and the supply chain is the new frontier. From the chilling lyrics of a song about relentless attacks to the serious discussions of industry leaders, one thing is clear: the threat to our software supply chains is real, it’s evolving, and we need practical strategies to defend ourselves. This panel brought together some brilliant minds to tackle this critical issue, and here’s a breakdown of their insights. ...

Presenters Yongjae Chung Justin Cappos Source OpenSource SecurityCon 2026 🛡️ Beyond the Green Checkmark: Securing Source Code with git-tough Source code serves as the foundation of our digital world, yet it remains an ideal target for attackers. We often trust the platforms where we host our code, but what happens when that trust is misplaced? At a recent tech talk, Justin Cappos (creator of TUF and in-toto) and Yongjae Chung (Master’s student and contributor) introduced git-tough, an incubating project under the OpenSSF designed to bring industrial-grade security directly into your Git workflow. ...