Technical Advisory Council

Aeva Black is an incurably queer geek, passionate about privacy and ethics in tech. They’re an open source hacker in Azure’s Office of the CTO, focusing on community safety and supply chain security, and currently serve on the OSI Board and the OpenSSF TAC. In a previous life, Aeva founded the OpenStack Ironic project, served on the board of the Consent Academy, managed a few small MySQL databases, and lived on a tiny farm in the Olympic Mountains.

Arnaud Le Hors is Senior Technical Staff Member of Open Technologies at IBM, working on a range of technologies with a primary focus on Open Source supply chain security. Arnaud has been working on standards and open source for over 30 years, both as a staff member of the X Consortium and W3C, and as a representative for IBM. He has been involved in every aspect of the open technology development process: technical, strategic, political, and legal. Arnaud was editor of several key web specifications including HTML and DOM and was a pioneer of open source with the release of libXpm in 1990. Arnaud has participated in several prominent open source projects including the X Window System and Xerces, the Apache XML parser. Arnaud is the main representative for IBM at W3C and INCITS, a member of the Hyperledger Technical Oversight Committee and contributor to OpenSSF.

Bob Callaway is the technical lead and manager of the supply chain integrity group in Google’s Open Source Security Team. He and his team directly contribute to critical secure supply chain projects and drive communication & adoption of best practices throughout the open source ecosystem. Bob is a member of the Technical Advisory Council for sigstore, a Linux Foundation / OpenSSF set of projects focused on improving transparency and UX of software supply chains. Before joining Google in 2021, Bob was a member of Red Hat’s Office of the CTO where he was responsible for emerging technology strategy with strategic partners (including IBM) and a principal architect at NetApp where he focused on contributions to OpenStack and storage automation projects. He holds a PhD in Computer Engineering from NC State University where he also serves as an adjunct assistant professor in the ECE department.

Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. With 25 years of Enterprise-class engineering, architectural, operational and leadership experience, Chris has worked at several Fortune 500 companies with experience in the Financial, Medical, Legal, and Manufacturing verticals, and spent 6 years helping lead the Red Hat Product Security team as their Program Architect.

Dan has been working on and worrying about containers since 2015 as an engineer, manager, founder and CEO. He started projects like Minikube, Skaffold, and Kaniko to make containers easy and fun, then got so worried about the state of OSS supply-chains he partnered up with Kim and others to found the Tekton and Sigstore projects to make it easier to build and use containers securely; as well as SLSA to create a common language for software security and supply chain integrity. He has been involved with the Cloud Native Computing Foundation, chaired the Continuous Delivery Foundation technical oversight committee, and sits on the governing board and technical advisory committee for the Open Source Security Foundation. He’s now a founder and CEO at Chainguard, a startup foucsed on software supply chain security.

Dustin is a software engineer on Google’s Open Source Security Team, where he works on improving the security of open-source software that Google & the rest of the world relies on. He’s also a director of the Python Software Foundation, and maintainer of the Python Package Index.

Zach first got involved in securing open source at Python Packaging sprints, and more recently helped release npm’s package provenance using Sigstore. He works at GitHub as a Principal Engineer and is looking forward to continually improving the security of open source software.