Zero Privilege Architecture - 3 Years Onward - Thijs Ebbers & Tadeo Sanchez, ING

Presenters: Thijs Ebbers, Tadeo Sanchez
Source: OpenSource SecurityCon 2026

🛡️ Beyond Zero Trust: How ING Achieves Zero Breaches with Zero Privilege Architecture

Imagine a world where production environments run autonomously, human error is designed out of the system, and security breaches simply don’t happen. For the team at ING, this isn’t a pipe dream—it is their daily reality. In a recent deep dive, Thijs Ebbers (Architect) and Tadeo Sanchez (Lead Engineer) shared the secrets behind their container hosting platform’s success. The numbers speak for themselves: zero security breaches and 100% uptime. 🚀 ...

March 24, 2026 · 5 min

From Mild To Wild: How Hot Can Your SLSA Be? - Andrew McNamara & Adolfo García Veytia

Presenters: Andrew McNamara, Adolfo García Veytia
Source: OpenSource SecurityCon 2026

Level Up Your Software Supply Chain: Policy Engines for Attestations and Provenance 🚀

Hey tech enthusiasts! 👋 Ever feel like generating software attestations and provenance is the easy part, but actually using that valuable data feels like a black box? You’re not alone! Andrew McNamara from Red Hat and Adolfo García Veytia (aka “puerco”) from the Kubernetes release engineering team are here to demystify this crucial step. They’re showcasing how policy engines can transform your attestations and provenance into actionable, automated decisions for a more secure software supply chain. ...

March 24, 2026 · 6 min

Tarmageddon: One Bug, Four Forks, and a Disclosure Scavenger Hunt - Marina Moore & Alex Zenla, Edera

Presenters: Marina Moore, Alex Zenla
Source: OpenSource SecurityCon 2026

The Unseen Dangers in Open Source: A Deep Dive into a Critical Tar Bug 🐛💻

Hey tech enthusiasts! 👋 Ever wonder what lurks beneath the surface of the open-source software you use every day? Today, we’re diving deep into a fascinating, albeit slightly terrifying, bug that Marina Moore (Head of Research at Edera) and Alex Zenla (CTO of Edera) stumbled upon. This isn’t just about a single bug; it’s a journey into the intricate world of software supply chain security, the complexities of open-source ecosystems, and the often-overlooked responsibilities of project maintainers. 🚀 ...

March 24, 2026 · 7 min

Trust, Tampering, and Transparency: What History Can Teach Us About Open Source... Lisa Tagliaferri

Presenters: Lisa Tagliaferri
Source: OpenSource SecurityCon 2026

From Chained Libraries to Sigstore: What 500 Years of History Teaches Us About Open Source Security 🚀

History and technology often feel like two parallel lines that never meet. However, Lisa Tagliaferri, a medieval and Renaissance historian turned open-source security expert, argues that the two are deeply intertwined. In a recent talk, Lisa shared how the ways we protected information in the 15th century mirror the ways we secure our software supply chains today. ...

March 24, 2026 · 5 min

Lightning Talk: A Case Study in Cross-Ecosystem Security Response - Lori Lorusso, Rust Foundation

Presenters: Lori Lorusso, Rust Foundation
Source: OpenSource SecurityCon 2026

🦀 Strength in Numbers: How Cross-Ecosystem Collaboration Saved Rust from a Phishing Attack

In the world of open-source, we often talk about code, compilers, and performance. But what happens when the biggest threat isn’t a bug in the software, but a trap for the humans behind it? Lori Lorusso, Director of Outreach for the Rust Foundation, recently shared a compelling case study on how a “super team” of foundations joined forces to thwart a sophisticated phishing campaign. ...

March 24, 2026 · 4 min