Securing Your Software Supply Chain One Open Source Project at a Time

Track: Security
Abstract
Delivering software fast is one piece of the CI/CD puzzle, but delivering it securely is the glue that keeps your puzzle from falling apart. Software supply chain attacks are on the rise, with security exploits directly targeting open source projects, central repositories, and software package managers. Now that developers are the target of security attackers, how do you protect your DevOps pipeline? This is a problem that the Continuous Delivery Foundation (CDF) is working to solve. To help ensure a secure SDLC, the CDF is investing in projects that provide security solutions and in 2022 announced a new incubating project, Pyrsia. This talk will highlight the importance of securing your software supply chain at the source and how Pyrsia is working to solve this problem.
Lori Lorusso
Lori is the Open Source Program Manager at JFrog. She has a passion and enthusiasm for working with the developer community. She has traveled across the globe attending conferences and community events advocating on behalf of developers, and has spoken at the CD Mini Summit at the Open Source Summit Europe, Devoxx Morocco and the CD Summit at KubeCon. Lori was appointed Chair of the CDF Outreach Committee and has active roles within the CNCF and OpenSSF outreach committees. She is a co-organizer of VJUG and frequently volunteers to support other JUGs at virtual and in-person events. Lori has also had community-focused articles published in The New Stack, VMBlog and eWeek.
Ixchel Ruiz
Ixchel Ruiz has developed software applications and tools since 2000. Her research interests include Java, dynamic languages, client-side technologies and testing. She is a Java Champion, CDF Ambassador, hackergarten enthusiast, Open Source advocate, public speaker and mentor.