A Community Approach to OSS Distribution

Track: Security
Abstract
There are a variety of different attacks on the open source supply chain, including exploitation of zero-day vulnerabilities, injection of malicious code or backdoors, and typo-squatting of popular libraries. And the systems that we rely upon for the distribution of OSS were not designed with a security mindset to prevent these sorts of attacks. There has to be a better way for open source authors and maintainers to securely deliver their packages to end users! Enter Pyrsia, a new software distribution system that is decentralized, community-driven, foundation-governed, and built with a security-first focus. In this presentation we will talk about how Pyrsia is designed, how you can use it to distribute and consume software packages, and how you can get involved in the Pyrsia community to grow the library of OSS packages available freely and securely for all.
Stephen Chin
Stephen Chin is VP of Developer Relations at JFrog, chair of the CDF governing board, member of the CNCF and OpenSSF governing boards, and author of The Definitive Guide to Modern Client Development, Raspberry Pi with Java, Pro JavaFX Platform, and the DevOps Tools for Java Developers title from O'Reilly. He has keynoted numerous conferences around the world including swampUP, Devoxx, JNation, JavaOne, Joker, and Open Source India. Stephen is an avid motorcyclist who has done evangelism tours in Europe, Japan, and Brazil, interviewing hackers in their natural habitat. When he is not traveling, he enjoys teaching kids how to do embedded and robot programming together with his daughters.