10:00 AM - 10:30 AM (PST)
Risk and Reward: The State of Open Source Supply Chain Security
Open Source Software forms a critical link in the supply chain for the entire modern software industry, but it is currently under attack. Recent attacks (Codecov, SolarWinds) have brought this under-funded field from an afterthought to front-page news, culminating in an Executive Order from the President of the United States to improve the security of our nation's digital infrastructure. This keynote will cover recent attacks and open source initiatives to help get this critical problem under control. Specific topics will include Sigstore, in-toto, The Update Framework, and the OpenSSF.