By: Jennifer Bly, OpenSSF
The first-ever OpenSSF Day at the Open Source Summit North America (OSS NA) was a big success. On June 20th, we gathered in Austin, Texas and online to understand how to solve some of the biggest security challenges in the open source industry, the steps being taken, and what’s next.
Throughout the day, we heard from many industry experts on a wide variety of topics, from vulnerability disclosures to software development training. The emcee of the event, Christopher ‘CRob’ Robinson, gave the welcome & opening remarks, and then Nithya Ruff, Chair of the Linux Foundation Board of Directors, took to the stage to speak about a new era for open source security. Next, Brian Behlendorf, General Manager of OpenSSF, explained what it will take to mobilize the open source industry in the fight for better security by default. The following presentations included:
- What You Need to Know (and Do) about Vulnerability Disclosure by Anne Bertucio, Google
- Improving Global Software Supply Chain Security with Alpha-Omega by Michael Scovetta, Microsoft & Michael Winser, Google
- Demystifying Digital Signatures by Priya Wadhwa, Chainguard, Inc
- Finding LibRaska: The Open Source Library that Props up our Infrastructure by Julia Ferraioli, Caleb Brown, Google & Amir Montazery, OSTIF
- Automated Techniques for Measuring Trustworthiness of Open Source Code and Communities by Jeff Mendoza, Google & Naveen Srinivasan, Endor Labs
- Education and Training for Secure Software Development & Distribution by David A. Wheeler, The Linux Foundation
- The Secret Life of Maven Central by Joel Orlina, Sonatype
- Fireside Chat with Brian Behlendorf, OpenSSF & Jamie Thomas, IBM
- How OpenSSF and Industry Improve Open Source Security Action and Impact Panel with Tracy Ragan, DeployHub; Rao Lakkakula, JP Morgan Chase; & Bob Callaway, Google
- Closing Remarks by Christopher ‘CRob’ Robinson, Intel
Videos of each of the day’s sessions are now available for you to view on YouTube and you can watch the playlist of all the sessions at OpenSSF Day below.
In addition to OpenSSF Day, there were also many other great talks at co-located events at OSS NA, including SupplyChainSecurityCon and the Global Security Vulnerability Summit (GSVS). Media onsite were recording as well. You can catch Brian Behlendorf’s interview with Heather Joslyn of The New Stack and Jamie Thomas’ interview with Alan Shimel of TechStrong here, with more recordings to be released over the following weeks on the Linux Foundation blog.
Thank you to each of the keynote speakers, session leaders, panelists, attendees, and community members who made this event possible. We are currently planning another OpenSSF Day at the Open Source Summit Europe in Dublin. Subscribe to the OpenSSF mailing list to be first to know about it and follow the OpenSSF on Twitter and LinkedIn.