Securing Your Software Supply Chain One Open Source Project at a Time

Presented by: Lori Lorusso

Delivering software fast is one piece of the CI/CD puzzle, but delivering it securely is the glue that keeps your puzzle from falling apart. Software supply chain attacks are on the rise, with exploits directly targeting open source projects, central repositories, and software package managers. Now that developers themselves are the target, how do you protect your DevOps pipeline?

This is a problem that foundations like the Continuous Delivery Foundation (CDF), OpenSSF, CNCF and OWASP are working to solve. To help ensure a secure SDLC, these vendor-neutral, developer-focused communities are investing in projects that provide security solutions. This talk will highlight the importance of securing your software supply chain at the source, and how technologists all around the globe are working to solve this problem.

Tags: Security, DevOps, CI/CD

Level: Introductory and overview