Abhishek Arya

Principal Engineer and Manager, Google Open Source Security Team

Abhishek Arya is a Principal Engineer and head of the Google Open Source Security Team. His team has been a key contributor to various security engineering efforts inside the Open Source Security Foundation (OpenSSF). This includes the Supply Chain Security Framework and Tools (SLSA, Sigstore), Security Risk Measurement Platform (Scorecards, AllStar), Vulnerability Management Solutions (OSV) and Package Analysis pipeline. Prior to this, he was a founding member of the Google Chrome Security Team and built OSS-Fuzz, a highly scaled and automated fuzzing infrastructure that fuzzes all of Google and Open Source.


Aeva Black (TAC Vice Chair)

Open Source Hacker, Microsoft Azure Office of the CTO

Aeva Black is an incurably queer geek, passionate about privacy and ethics in tech. They're an open source hacker in Azure's Office of the CTO, focusing on community safety and supply chain security, and currently serve on the OSI Board, the OpenSSF TAC, and as a CNCF Board Shadow. In a previous life, Aeva founded the OpenStack Ironic project, served on the board of the Consent Academy, managed a few small MySQL databases, and lived on a tiny farm in the Olympic Mountains.


Bob Callaway (TAC Chair)

Tech Lead & Manager, Google Open Source Security Team

Bob is the tech lead & manager of the supply chain integrity group in Google's Open Source Security Team. He and his team directly contribute to critical OSS secure software supply chain projects (including sigstore, which he co-founded), and help drive adoption of best practices throughout the broader open source ecosystem.


Christopher Robinson “CRob”

Director of Security Communications, Intel

Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. With 25 years of Enterprise-class engineering, architectural, operational and leadership experience, Chris has worked at several Fortune 500 companies with experience in the Financial, Medical, Legal, and Manufacturing verticals, and spent 6 years helping lead the Red Hat Product Security team as their Program Architect.


Dan Lorenc

CEO, Chainguard

Dan has been working on and worrying about containers since 2015 as an engineer, manager, founder and CEO. He started projects like Minikube, Skaffold, and Kaniko to make containers easy and fun, then got so worried about the state of OSS supply chains that he partnered up with Kim and others to found the Tekton and Sigstore projects to make it easier to build and use containers securely, as well as SLSA to create a common language for software security and supply chain integrity. He has been involved with the Cloud Native Computing Foundation, chaired the Continuous Delivery Foundation technical oversight committee, and sits on the governing board and technical advisory committee for the Open Source Security Foundation. He's now a founder and CEO at Chainguard, a startup focused on software supply chain security.


Josh Bressers

VP of Security, Anchore

Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. His work has covered everything from managing supply chains, vulnerabilities, security development lifecycle, DevSecOps, security product management, and security strategy to nearly any other task that falls under the security umbrella. Josh co-hosts the Open Source Security Podcast and the Hacker History Podcast. He is also the co-founder of the Global Security Database project to bring vulnerability identification into the modern age.


Luke Hinds

Red Hat

Luke Hinds works within the Emerging Technologies group in Red Hat's CTO office, where he leads a team working on open source security. He has held numerous community roles, including on the Kubernetes Security Team and as an elected Project Team Lead for the OpenStack Security Group.
