Product Engineering

Presenters Juanita Gomez Source OpenSource SecurityCon NA 2025 Unveiling the Security Secrets of Academic Open Source 🛡️: A Deep Dive into UC System Projects Ever wondered about the security of the open source projects born from our academic institutions? Juanita, a PhD candidate at UC Santa Cruz and a dedicated Python community member, recently pulled back the curtain on the open source landscape within the University of California (UC) system. Her groundbreaking research reveals a picture that’s both fascinating and, frankly, a little concerning when it comes to security best practices. Let’s dive into what she discovered! 🚀 ...

Presenters Billy Lynch Source OpenSource SecurityCon NA 2025 Where Do Your Source Attestations Live? Navigating the Labyrinth of Metadata 🗺️ Hey tech enthusiasts! Ever felt like you’re drowning in a sea of metadata, wondering where exactly to stash those crucial source attestations? You’re not alone! At a recent lightning talk, Billy Lynch from Chain Guard dove deep into this very question, exploring strategies for storing and discovering these vital pieces of information. Let’s break down the key takeaways and ponder the future of source attestation storage. 💡 ...

Presenters Ben Cotton Source OpenSource SecurityCon NA 2025 Level Up Your Open Source Security: The OpenSSF Project Security Baseline Explained 🚀 Hey tech enthusiasts! 👋 Ever felt a little overwhelmed by the sheer volume of security advice out there for open source projects? You’re not alone! The good news is, there’s a fantastic initiative making it easier than ever for maintainers to bolster their project’s security, even without a dedicated security team. Let’s dive into the OpenSSF Project Security Baseline and see how it’s revolutionizing open source security hygiene. ...

Presenters Pavel Shukhman Source OpenSource SecurityCon NA 2025 Demystifying the Software Supply Chain: Your Guide to the Transparency Exchange API 🚀 Ever felt like you’re playing a guessing game when it comes to the “ingredients” in your software? You’re not alone! In today’s complex digital world, understanding what goes into our products isn’t just good practice; it’s becoming a necessity, especially with new regulations like the EU CRA on the horizon. This is where the revolutionary Transparency Exchange API (TX API) steps in, promising to transform how we manage and share Software Bills of Materials (SBOMs). ...

Presenters Patrick Zielinski Aditya Sirish A Yelgundhalli Source OpenSource SecurityCon NA 2025 Fortifying Your Code: A Deep Dive into SLSA and GitHub for Unbreakable Software Supply Chains 🚀 In today’s interconnected digital world, the integrity of our software supply chain is paramount. We’ve all heard the alarming stories: compromised GitHub actions, hijacked organizations, and even vulnerabilities in widely used projects like PHP and Juniper. These incidents underscore a critical truth: a breach at the source code level can have devastating ripple effects. But fear not! The open-source community is tirelessly working to build stronger defenses, and at the forefront of this effort are SLSA and GitHub. ...