By Jennifer Bly, OpenSSF
Along the River Liffey in Dublin, Ireland, we hosted OpenSSF Day EU at the Open Source Summit Europe earlier this month, where community members gathered to discuss the challenges, big-picture solutions, ongoing work, and successes in securing the open source software (OSS) supply chain. In-person and virtual attendees had the opportunity to learn more about the Open Source Security Foundation (OpenSSF) and the latest project news. The day featured keynotes, sessions, panels, and fireside chats on subjects such as security best practices, vulnerability discovery, securing critical projects, and the future of OSS security.
Highlights from OpenSSF Day Europe
Kicking off the day, Master of Ceremonies, Christopher ‘CRob’ Robinson and his goose hat, provided a warm welcome, opening remarks, and introductions to each of our OpenSSF Day speakers. First up, Brian Behlendorf, General Manager of OpenSSF, jumped right in to explain what is OpenSSF? and then Nithya Ruff, Chair of the Linux Foundation Board of Directors and Head, Open Source Program Office, Amazon, took to the stage to speak about a new era for open source security.
Other sessions throughout the day included:
- Sigstore: Using Transparent Digital Signatures to Help Secure the Software Supply Chain by Bob Callaway, Tech Lead & Manager, Open Source Security Team, Google
- Finding LibRaska: The Open Source Library that Props up our Infrastructure by Julia Ferraioli, Open Source Technical Leader, Cisco & Amir Montazery, Chief Operating Officer, Open Source Technology Improvement Fund (OSTIF)
- Improving Global Software Supply Chain Security with Alpha-Omega by Michael Scovetta, Principal Security PM Manager, Microsoft & Michael Winser, Product Manager, Google
- Best Practices Make Perfect! How the OpenSSF is Improving Secure Development Education by Marta Rybczynska, Founder, Syslinbit & Christopher ‘CRob’ Robinson, Director of Security Communications, Product Assurance & Security, Intel Corporation
- How’s your Supply Chain with your insecure OSS ingestion? by James Holland, CISO Director of AppSec, Citi
- Deep Dive into the OpenSSF Mobilization Plan by Brian Behlendorf
- Developer Security Essentials by Liran Tal, Developer Advocate, Snyk
- SBOM Everywhere by Kate Stewart, VP of Dependable Embedded Systems, Linux Foundation
- Fireside Chat with Jamie Thomas, OpenSSF Board Chair and IBM Enterprise Security Executive and Brian Behlendorf
- Closing Remarks by Christopher ‘CRob’ Robinson
Watch OpenSSF Day EU Recordings
Each of the recordings from OpenSSF Day are now available for you to view on your own schedule. You can watch the individual videos on YouTube or the whole playlist of all the sessions at OpenSSF Day EU here.
Community News Announced at OpenSSF Day EU
Leading up to and throughout OpenSSF Day EU, we made several announcements about new features, guides, grants, and areas of focus from the community, such as:
- npm Best Practices for the Supply-Chain
- Show Off Your Security Score: Announcing Scorecards Badges
- Introducing the New OpenSSF End Users Working Group
- Alpha-Omega Project Announces Over $1.5M in Grants to Critical Open Source Projects and New Omega Analysis Toolchain
- Introducing New Concise Guides for Developing More Secure Software and Evaluating Open Source Software
- Coordination is Key! The OpenSSF’s CVD Guide for Finders
- Funding Python SPDX Development with the OpenSSF and SBOM Everywhere
Collaboration in Full Force
New at this OpenSSF Day, in-person conference attendees had the chance to experience a mini “unconference”. Midday, we broke out into small groups to discuss a variety of topics such as:
- Security Education in the Open Source Software Security Mobilization Plan & Security Education for Full Stack and Web Developers
- OpenSSF Contributor Strategy and Maintainer Engagement
- Malicious Code & Package Publication
- Improving Organization-wide Visibility
After a great day of sessions, OpenSSF sponsored a reception at the Guinness Storehouse, where in-person attendees relaxed and networked with one another over good food and drink. Cheers to each of our attendees, speakers, panelists, and community members who made this event a success.
We are currently planning for an OpenSSF presence at Open Source Summit Japan in Yokohama in December. To be first to know about those plans, follow us on Twitter and LinkedIn and subscribe to the OpenSSF mailing list.