Hacking the OSS Supply Chain

Track: Keynote
Abstract

Developers depend upon an ecosystem of open-source technologies that fuel innovation and decrease time to market. A typical business application is composed of >80% open source code, so what happens when the open source software supply chain gets hacked and thousands of enterprises are left exposed to potentially devastating security exploits? The SolarWinds hack is just the tip of the iceberg of a much larger security concern that spans the industry, affecting all programming languages, platforms, and cloud services. In this keynote we will expose security holes and exploits in the open source ecosystem, as well as propose a system for securing the software supply chain at a fundamental level.

Stephen Chin

Stephen Chin is VP of Developer Relations at JFrog, chair of the CDF governing board, member of the CNCF governing board, and author of The Definitive Guide to Modern Client Development, Raspberry Pi with Java, Pro JavaFX Platform, and the upcoming DevOps Tools for Java Developers title from O’Reilly. He has keynoted numerous conferences around the world including swampUP, Devoxx, JNation, JavaOne, Joker, and Open Source India. Stephen is an avid motorcyclist who has done evangelism tours in Europe, Japan, and Brazil, interviewing hackers in their natural habitat. When he is not traveling, he enjoys teaching kids how to do embedded and robot programming together with his daughters.