Quantum Proofing Sigstore: A Tale of Three Approaches - Kevin Conner & Firas Ghanmi, Red Hat

Presenters Kevin Conner Firas Ghanmi Source OpenSource SecurityCon 2026 Quantum-Proofing Sigstore: Three Bold Approaches to Secure Our Software Supply Chain 🚀 The digital world runs on trust, and in the realm of software, that trust increasingly relies on robust supply chain security. Sigstore stands as a critical pillar, ensuring the integrity and authenticity of software artifacts. But what happens when the very foundations of our cryptographic security are threatened? Enter quantum computing – a game-changer that could render today’s most secure algorithms obsolete. ...

March 24, 2026 · 8 min

Simplifying Global Compliance for CNCF Projects With the OpenSSF OSPS Baseline - Madalin Neag

Presenters Madalin Neag Source OpenSource SecurityCon 2026 Navigating the Global Compliance Maze: How OpenSSF OSPO’s Baseline Simplifies Security for Open Source 🌐🛡️ The world of open source software is a vibrant, collaborative engine powering critical infrastructure across the globe. From finance and healthcare to transportation and energy, open source projects are the unsung heroes. But as these projects grow in importance, so does the scrutiny they face, particularly regarding security and compliance. Madalin Neag, an EU Policy Advisor at OpenSSF, sheds light on the increasingly complex regulatory landscape and introduces a powerful solution: the OpenSSF OSPO’s Baseline. ...

March 24, 2026 · 6 min

Zero Privilege Architecture - 3 Years Onward - Thijs Ebbers & Tadeo Sanchez, ING

Presenters Thijs Ebbers Tadeo Sanchez Source OpenSource SecurityCon 2026 🛡️ Beyond Zero Trust: How ING Achieves Zero Breaches with Zero Privilege Architecture Imagine a world where production environments run autonomously, human error is designed out of the system, and security breaches simply don’t happen. For the team at ING, this isn’t a pipe dream—it is their daily reality. In a recent deep dive, Thijs Ebbers (Architect) and Tadeo Sanchez (Lead Engineer) shared the secrets behind their container hosting platform’s success. The numbers speak for themselves: zero security breaches and 100% uptime. 🚀 ...

March 24, 2026 · 5 min

From Mild To Wild: How Hot Can Your SLSA Be? - Andrew McNamara & Adolfo García Veytia

Presenters Andrew McNamara Adolfo García Veytia Source OpenSource SecurityCon 2026 Level Up Your Software Supply Chain: Policy Engines for Attestations and Provenance 🚀 Hey tech enthusiasts! 👋 Ever feel like generating software attestations and provenance is the easy part, but actually using that valuable data feels like a black box? You’re not alone! Andrew McNamara from Red Hat and Adolfo García Veytia (aka “puerco”) from the Kubernetes release engineering team are here to demystify this crucial step. They’re showcasing how policy engines can transform your attestations and provenance into actionable, automated decisions for a more secure software supply chain. ...

March 24, 2026 · 6 min

Panel: It’s Not If, It’s When - Practical Preparation for the Next Software Supply Chain Attack

Presenters Hannah Foxwell Justin Cormack Sal Kimmich Erika Heidi Josh Bressers Source OpenSource SecurityCon 2026 Navigating the Storm: Practical Strategies for Modern Supply Chain Security 🛡️ The digital landscape is a battlefield, and the supply chain is the new frontier. From the chilling lyrics of a song about relentless attacks to the serious discussions of industry leaders, one thing is clear: the threat to our software supply chains is real, it’s evolving, and we need practical strategies to defend ourselves. This panel brought together some brilliant minds to tackle this critical issue, and here’s a breakdown of their insights. ...

March 24, 2026 · 5 min