Upleveling Everybody to Secure the OSS Supply Chain – OpenSSF August Town Hall Highlights

August 22, 2022 | Blog
August OpenSSF Town Hall Q&A

By Jennifer Bly, OpenSSF

The August OpenSSF Town Hall brought together the open source community to hear the latest and greatest about the work going on to secure the open source software supply chain. Both the Town Hall slide deck and event recording are available for you to view.

Highlights from the Town Hall included:

  • OpenSSF Tour and Membership Update by Brian Behlendorf, OpenSSF
  • Securing Software Repos by Dustin Ingram, Google
  • Securing Critical Projects and Security Audits by Amir Montazery, OSTIF
  • Signing, Verifying and Protecting Software with Sigstore by Asra Ali, Google
  • How to Get Involved in OpenSSF Working Groups and Projects by David A. Wheeler, Linux Foundation / OpenSSF
  • Q&A which surfaced questions along the lines of:
    • With all the activities going on in security and standards to share information, how do we ensure that everything is aligned and doesn’t compete?
    • Are there any plans, ideas, or groups working on reducing the amount of work for developers while increasing security?

Watch the full webcast: https://www.youtube.com/watch?v=B2m_uBKK1-8

The majority of respondents (73.3%) to the post-event survey were new, just getting started, or there to better understand OpenSSF (if you’d like to share your feedback in that survey, it will be open for the next week).

To all our new participants, welcome!

To all our new observers, thanks for stopping by! Please consider taking the next step to join one of our Working Groups or Projects, chat with us on Slack, or try one of these other ways of getting involved.

As Brian said upfront, “What we’re trying to do is pull together the best things that happen out there in the open source world when it comes to securing the supply chain to uplevel everybody. Right? To try to figure out where the gaps are. What’s missing? Sometimes that’s education and guides. And funding of security audits. Sometimes it is new code such as Sigstore. Or specifications like SLSA. There’s a really rich rainbow of different projects at OpenSSF, and I encourage you all to check it out.”