OpenSource SecurityCon 2026

Presenters Yongjae Chung Justin Cappos Source OpenSource SecurityCon 2026 🛡️ Beyond the Green Checkmark: Securing Source Code with git-tough Source code serves as the foundation of our digital world, yet it remains an ideal target for attackers. We often trust the platforms where we host our code, but what happens when that trust is misplaced? At a recent tech talk, Justin Cappos (creator of TUF and in-toto) and Yongjae Chung (Master’s student and contributor) introduced git-tough, an incubating project under the OpenSSF designed to bring industrial-grade security directly into your Git workflow. ...

Presenters Lisa Tagliaferri Source OpenSource SecurityCon 2026 From Chained Libraries to Sigstore: What 500 Years of History Teaches Us About Open Source Security 🚀 History and technology often feel like two parallel lines that never meet. However, Lisa Tagliaferri, a medieval and Renaissance historian turned open-source security expert, argues that the two are deeply intertwined. In a recent talk, Lisa shared how the ways we protected information in the 15th century mirror the ways we secure our software supply chains today. ...

Presenters Lori Lorusso Rust Foundation Source OpenSource SecurityCon 2026 🦀 Strength in Numbers: How Cross-Ecosystem Collaboration Saved Rust from a Fishing Attack In the world of open-source, we often talk about code, compilers, and performance. But what happens when the biggest threat isn’t a bug in the software, but a trap for the humans behind it? Lori Lorusso, Director of Outreach for the Rust Foundation, recently shared a compelling case study on how a “super team” of foundations joined forces to thwart a sophisticated phishing campaign. ...

Presenters Lin Sun Solo.io Yi Yang IBM Source OpenSource SecurityCon 2026 🔐 Secure Your AI: Mastering MCP Server Security with OAuth, JWT, and Spiffe Welcome to Amsterdam! 🇳🇱 At the recent conference, Lin Sun (Head of Open Source at Solo.io) and Yi Yang (IBM) took the stage to tackle one of the most pressing challenges in the burgeoning world of AI agents: How do we move Model Context Protocol (MCP) servers from local experiments to secure, production-ready Kubernetes deployments? ...