10:15 • We Know Security but How Do We Secure GenAI End-to-End? - Mihai Maruseac, Google
10:40 • Nation-State Threats in the Open-Source Software Supply Chain - Ross Bryant, Phylum
11:20 • Enforcing Organization Policies with Enterprise Contract - Zoran Regvart, Red Hat
11:45 • Play, Learn, Secure: The Power of Gamification in Security Training - Julia Lamenza, Consultant
12:10 • Breaking Barriers: The Art of (Free) Gamified Security Training - Joseph Katsioloudes, GitHub
12:35 • Rules of Engagement for Forking a Dependency - Chris Swan, Atsign
14:15 • Prioritisation of SCA Findings in Software Dependencies Using Static Reachability Analysis - Joseph Hejderup, Endor Labs
14:40 • Managing Vulnerabilities in Open-Source Dependencies - Eva Sarafianou, Mattermost
15:05 • Secure Coding Guide for Python - David Mather & Bart Karas, Ericsson
15:20 • Exploring Some Essential Security Checks for Any Open Source Go Project - Cosmin Cojocar, Google
16:00 • TTX Session - Daniel Appelquist, Samsung; Kairo De Araujo, TestifySec; Georg Kunz, Ericsson; & Moderated by Katherine Druckman, Intel Corporation
09:00 • Welcome & Opening Remarks - Katherine Druckman, Open Source Security Evangelist, Intel Corporation
09:10 • Application Security is a Community Effort - Fernando Diaz, Senior Developer Advocate, Security, GitLab
09:20 • Will eBPF Save Us From the Next Global Outage? - Liz Rice, Chief Open Source Officer, Isovalent @ Cisco
09:40 • CISA Update - Aeva Black, Section Chief, Open Source Security, CISA
09:50 • Hitchhikers' Guide to the Vulniverse - CRob, Security Lorax, Intel
10:15 • Security Initiatives in Community Driven Projects: Looking Ahead with Python and Rust - Deb Nicholson, Python Software Foundation & Rebecca Rumbul, Rust Foundation
10:40 • Finally! Automated End-to-End VEX Streams You Can Trust - Adolfo García Veytia, Stacklok
11:20 • German National Guideline on SOSS-Lifecycle: Community Outreach - Damian Ludwig & Andreas Neth, BSI
11:45 • Exploring a Risk Approach to Software Supply Chain Security - Abdullah Garcia, J.P. Morgan
12:10 • OSS Dependency Health: Towards Maturity and Sustainability Risk Assessment Model - Georg Link & Miguel Ángel Fernández Sánchez, Bitergia; Ana Jiménez Santamaría, Linux Foundation; Wietse Braam, ING BANK
12:35 • The Current State of Open Source Security Compliance Tooling Is … Well, Sad. - Philippe Ombredanne, AboutCode
14:15 • ML Model Signing: Cryptographically Paving the Way to Provenance in Machine Learning Models - Mihai Maruseac, Google
14:40 • Securing Content Distribution with RSTUF, an Incubating OpenSSF Project - Kairo De Araujo, TestifySec & Martin Vrachev, Open Source Contributor
15:05 • Web Developer Security: Best Practices & Beyond - Daniel Appelquist, Samsung
15:20 • Userspace CNI - Developing in the Open with Remaining Secure - Michael O'Reilly, Intel
16:00 • Let Devs Be Devs Without Sacrificing Security - Andrew McNamara, Red Hat
16:25 • Navigating the Quantum Readiness Journey: Open-Source Cryptography, PKI and Signing Tools - Mike Agrenius Kushner, Keyfactor
16:40 • Run GenAI Projects at Scale Securely: From the Operating System to the MLOps Platform - Michelle Tabirao, Canonical
17:15 • Closing Remarks - Katherine Druckman, Open Source Security Evangelist