icon-carat-right menu search cmu-wordmark

Keynote: Securing the Development and Supply Chain of Open Source Software

Presentation
This keynote presentation by Derek Weeks of The Linux Foundation was given virtually at DevSecOps Days Washington D.C. 2021 on December 16, 2021.
Publisher

Software Engineering Institute

Topic or Tag

Watch

Abstract

Open Source Software (OSS) is being distributed and consumed today on a massive scale through software supply chains. While OSS delivers tremendous benefit in terms of accelerated development and innovation, it is an increasing common target of cyber adversaries. Join Derek for a discussion of how OSS is developed, distributed, maintained, and attacked. Derek will reveal insights on how open source projects with 1.5x more frequent releases and 530x faster open source dependencies upgrades harness this speed to dramatically improve security within their code. He will also share insights on how high performance enterprise software development teams simultaneously boost productivity and security - achieving 15x faster deployments and 26x faster remediation of application security vulnerabilities. Derek then will show how you can apply these exemplary practices to stay a step (or more) ahead of your adversaries using by sharing a set of best practices and attack countermeasures.

Derek serves as a Senior Vice President at the Linux Foundation supporting technology segments including DevOps, security, cloud-native computing and other tech segments. Prior to the Linux Foundation, Derek served as a Vice President at Sonatype where he focused on open source security and championed research for their annual State of the Software Supply Chain Report and DevSecOps Community Survey, six years running. Derek has been named to the DevOps 100 by TechBeacon, distinguished as the DevOps Evangelist of the Year by DevOps.com, and received the Industry Executive of the Year from ATARC.