Abhishek Arya
Principal Engineer and Manager, Google Open Source Security Team
Abhishek Arya is a Principal Engineer and head of the Google Open Source Security Team. His team has been a key contributor to various security engineering efforts inside the Open Source Security Foundation (OpenSSF). This includes the Supply Chain Security Framework and Tools (SLSA, Sigstore), Security Risk Measurement Platform (Scorecards, AllStar), Vulnerability Management Solutions (OSV) and Package Analysis pipeline. Prior to this, he was a founding member of the Google Chrome Security Team and built OSS-Fuzz, a highly scaled and automated fuzzing infrastructure that fuzzes all of Google and Open Source.
Aeva Black
OpenSSF TAC Vice Chair & Open Source Hacker, Microsoft Azure Office of the CTO
Aeva Black is an incurably queer geek, passionate about privacy and ethics in tech. They're an open source hacker in Azure's Office of the CTO, focusing on community safety and supply chain security, and currently serve on the OSI Board, the OpenSSF TAC, and as a CNCF Board Shadow. In a previous life, Aeva founded the OpenStack Ironic project, served on the board of the Consent Academy, managed a few small MySQL databases, and lived on a tiny farm in the Olympic Mountains.
Aeva Black is an incurably queer geek, open source hacker, and a dot-com veteran with a 20+ year career spanning several startups and Fortune 500 Companies, including HPE, IBM, and Microsoft. Their areas of expertise include open source strategy and community management, containers, databases, bare metal orchestration, and security. Aeva currently works in Azure’s Office of the CTO and holds seats on the Board of the Open Source Initiative, on the OpenSSF’s Technical Advisory Council, and a shadow seat on the Board of the Cloud Native Computing Foundation.
In a previous life, Aeva was the founding member and technical lead of the OpenStack Ironic project, and held seats on the OpenStack Technical Committee, the Kubernetes Code of Conduct Committee, and on the Board of the Consent Academy.
Aeva is a frequent keynote speaker at open source conferences around the world, advocating to make technology more ethical and inclusive, and a lifelong student of the Buddha Dharma. They are also an aspiring writer whose recent works include contributing to “Transcending: An Anthology Of Trans Buddhist Voices” (2019), and being the technical editor for “Trust In Computer Systems And The Cloud” (2021).
Bob Callaway
OpenSSF TAC Chair & Tech Lead & Manager, Google Open Source Security Team
Bob is the tech lead & manager of the supply chain integrity group in Google's Open Source Security Team. He and his team directly contribute to critical OSS secure software supply chain projects (including sigstore that he co-founded), as well as help drive adoption of best practices throughout the broader open source ecosystem.
Bob Callaway is the technical lead and manager of the supply chain integrity group in Google’s Open Source Security Team. He and his team directly contribute to critical secure supply chain projects and drive communication & adoption of best practices throughout the open source ecosystem. Bob is a member of the Technical Advisory Council for sigstore, a Linux Foundation / OpenSSF set of projects focused on improving transparency and UX of software supply chains. Before joining Google in 2021, Bob was a member of Red Hat’s Office of the CTO where he was responsible for emerging technology strategy with strategic partners (including IBM) and a principal architect at NetApp where he focused on contributions to OpenStack and storage automation projects. He holds a PhD in Computer Engineering from NC State University where he also serves as an adjunct assistant professor in the ECE department.
Christopher Robinson “CRob”
Director of Security Communications, Intel
Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. With 25 years of Enterprise-class engineering, architectural, operational and leadership experience, Chris has worked at several Fortune 500 companies with experience in the Financial, Medical, Legal, and Manufacturing verticals, and spent 6 years helping lead the Red Hat Product Security team as their Program Architect.
Dan Lorenc
CEO, Chainguard
Dan has been working on and worrying about containers since 2015 as an engineer, manager, founder and CEO. He started projects like Minikube, Skaffold, and Kaniko to make containers easy and fun, then got so worried about the state of OSS supply-chains he partnered up with Kim and others to found the Tekton and Sigstore projects to make it easier to build and use containers securely; as well as SLSA to create a common language for software security and supply chain integrity. He has been involved with the Cloud Native Computing Foundation, chaired the Continuous Delivery Foundation technical oversight committee, and sits on the governing board and technical advisory committee for the Open Source Security Foundation. He’s now a founder and CEO at Chainguard, a startup focused on software supply chain security.
Josh Bressers
VP of Security, Anchore
Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. His work has covered everything from managing supply chains, vulnerabilities, security development lifecycle, DevSecOps, security product management, and security strategy to nearly any other task that falls under the security umbrella. Josh co-hosts the Open Source Security Podcast and the Hacker History Podcast. He is also the co-founder of the Global Security Database project to bring vulnerability identification into the modern age.
Luke Hinds
Red Hat
Luke Hinds works within the Emerging Technologies group in Red Hat's CTO office, where he leads a team working on open source security. He has held numerous community roles, such as the Kubernetes Security Team and as an elected Project Team Lead for the OpenStack Security Group.