Session: Securing Your Software Supply Chain One Open Source Project at a Time

Delivering software fast is one piece of the CI/CD puzzle, but delivering it securely is the glue that keeps your puzzle from falling apart. Software supply chain attacks are on the rise, with exploits directly targeting open source projects, central repositories, and software package managers. Now that developers themselves are the target of attackers, how do you protect your DevOps pipeline?

This is a problem that multiple open source foundations are working to solve. To help ensure a secure SDLC, the CDF, CNCF, OpenSSF, OWASP and Rust Foundation, in addition to other foundations, have dedicated SIGs and projects addressing this problem. This talk will highlight the importance of securing your software supply chain at the source and how the open source community is working in a vendor-neutral manner to solve this problem.

Presenters: