Get ready for the Secure Open Source Software (SOSS) Community Day NA and Open Source Summit North America 2024, next week in Seattle, Washington! These events are where open source communities converge to collaborate, drive innovation, and foster a vibrant open source ecosystem.Â
SOSS Community Day NA
Co-located with Open Source Summit North America, OpenSSF is hosting SOSS Community Day NA, bringing together community members from across the Security and Open Source ecosystem to share ideas and advancements on capabilities that enhance the sustainable security of open source software (OSS) in development, maintenance, and consumption—on which we all depend.
This year, SOSS Community Day NA is convening OSS community leaders, maintainers, end-users, as well as private and public sector stakeholders to discuss all aspects of open source software security. You can find the full-day schedule available here.
The SOSS Community Day NA kicks off with Omkhar Arasaratnam’s welcome and opening remarks. Track 1 covers connecting supply chain security projects to the community, evaluating critical open source projects, and addressing software supply chain security concerns. Track 2 delves into principles for package repository security, the future of Sigstore, and enhancing Free and Open Source Software (FOSS) security.Â
The event wraps up with closing remarks, followed by a 90-minute Tabletop Exercise (TTX) session for in-depth discussions on security topics. The TTX session welcomes all SOSS Community Day attendees as audience observers. The panel will feature panelists from diverse backgrounds in both public and private sectors.
Join us for our Happy Hour scheduled for April 15 from 5 to 7 PM at Yard House, located at 1501 4th Ave in Seattle (approximately 2 blocks from the Sheraton Grand). This gathering is designed to be a casual and informal opportunity for members to connect and unwind. It’s an excellent chance for our community to strengthen ties and share insights in a relaxed setting. Don’t forget to mark your calendars and RSVP. We look forward to seeing you there!
Open Source Summit North America
With an array of fantastic sessions featured throughout the entire Open Source Summit North America event, here’s a sneak peek at just a few of the standout sessions from the schedule you won’t want to miss next week.
Co-Located Workshops
During Open Source Summit North America, OpenSSF will be hosting SLSA Workshop and OpenSSF Scorecard New Contributor Workshop. In the SLSA workshop, participants will be guided through the effective utilization of the Supply-chain Levels for Software Artifacts (SLSA) framework to enhance the Software Development Life Cycle (SDLC) of deployed code. The workshop’s overarching goal is to demystify the process of leveraging the SLSA framework across the entire supply chain. The Scorecard Workshop offers a valuable hands-on onboarding opportunity. Participants can engage directly with project maintainers and potentially submit their first Pull Request (PR) to the OpenSSF Scorecard in real-time. The session starts with an overview of the project and its architecture, followed by tailored breakout discussions based on participant interests.
To participate in the SLSA workshop and the OpenSSF Scorecard New Contributor Workshop, indicate your interest in the workshops upon registering for Open Source Summit NA.Â
Session Highlights
Panel Discussion: Improving Supply Chain Integrity with OpenSSF Technologies – OpenSSF is advancing technologies to enhance open source and software supply chain security. This panel offers insights from developers of SLSA, S2C2F, and GUAC, discussing their status, industry implementation, and how attendees can use them for better security. Join this session to gain the latest information on leveraging these technologies and improving security posture!
Developing a Secure, Open Future – Join us as we discuss the vital role of the OpenSSF in enhancing open source security. Our diverse community, comprising maintainers, security experts, industry professionals, and enthusiasts, collaborates to improve software security through accessible tools, thorough documentation, and expert guidance. This talk will showcase the work of the OpenSSF through the lens of the software developer, illustrating tangible actions the foundation is taking to educate, inform, and encourage developers to adopt and use excellent security practices.
TPMs, Merkle Trees and TEEs: Enhancing SLSA with Hardware-Assisted Build Environment Verification – This talk presents cryptographic and trusted hardware solutions such as TPMs and TEEs, enabling CI/CD platforms to verify build environments. We’ll discuss erosion of trust in build environments and propose enhancements to the SLSA framework. Attendees will see practical implementations, gaining insights into building more secure and trustworthy platforms. Whether you’re a consumer or implementer of CI/CD, this discussion promises a deeper understanding of secure build platforms and their role in software supply chain security.
Eating the Open Source Security Sandwich with Skootrs – Hungry for learning about open source software security? This session takes you layer by layer through the “sandwich” of tools, practices, and data available for producers, developers and consumers of software. Governing Board member and Kusari Co-Founder & CTO Michael Lieberman aims to ease adoption of cybersecurity practices and tools, and make generation of security metadata simple, by sharing a new open source tool called Skootrs.Â
Panel Discussion – 6 Months in: (building and) Using the OpenSSF Security Toolbelt – Join us in exploring the journey of the Security Toolbelt special interest group, known as “Toolbelters,” as they navigate the complexities of the software supply chain to mitigate OSS security threats. This panel discussion will delve into their mission to identify personas, use cases, capabilities, threats, and patterns, aligning OpenSSF and other OSS security tools. Don’t miss this opportunity to learn about tools applicable to your interests and contribute to shaping the future of OSS security.
We’re excited to hear insights from the open source security community. Mark your calendar, choose the sessions you’d like to join, and plan ahead. Join us from April 15-18!