Panel: Turn Down That Noise: Why the OpenSSF Security Baseline Is Good for Maintainers

Presenters Christopher Robinson Jennifer Power Ben Cotton Stephen Augustus Evan Anderson Source OpenSource SecurityCon NA 2025 Level Up Your Open Source Security: The OpenSSF Security Baseline Explained 🚀 Ever felt like you’re drowning in security checklists and constant requests for information from downstream users? You’re not alone! The world of open-source development is fantastic, but keeping up with security demands can feel like a monumental task. That’s where the OpenSSF Security Baseline comes in, offering a clear, accessible path to fortify your projects and reduce that ever-present burden. ...

November 24, 2025 · 5 min

Spice Check: Building an E2E SLSA Implementation - Adolfo García Veytia, Carabiner Systems

Presenters Adolfo García Veytia Source OpenSource SecurityCon NA 2025 Building Trust, Byte by Byte: A Deep Dive into SLSA and the Ample Policy Engine 🚀 Hey tech enthusiasts! Ever felt that nagging doubt about the security of the software you use, or the code you build? In today’s interconnected digital world, the integrity of our software supply chains is paramount. That’s why the recent talk by Adolfo García of Carabiner Systems at our latest conference was a breath of fresh air, diving deep into SLSA, a powerful security framework for software supply chains, and showcasing how the Ample policy engine makes it all come together. ...

November 24, 2025 · 6 min

Sponsored Keynote: Breaking Up with Long-lived Secrets: Secure Automation in the Mode... Billy Lynch

Presenters Billy Lynch Source OpenSource SecurityCon NA 2025 Long Live Secrets? Let’s Talk Short-Lived Credentials for a More Secure Software Supply Chain! 🚀 Hey tech enthusiasts! Ever felt like managing secrets in your software supply chain is a bit like juggling chainsaws? You want to keep things secure, but sometimes the established practices feel… well, a little less than ideal. That’s exactly the sentiment Billy Lynch, a Software Engineer at Chainbound, shared at a recent tech conference, and it’s a topic that deserves our attention. ...

November 24, 2025 · 4 min

You Can Sign It, But Can You Trust It? Securing the Compilation Process - Yaxuan(Alice) Wen

Presenters Yaxuan(Alice) Wen Source OpenSource SecurityCon NA 2025 Securing the Build: How to Protect Your Software’s Foundation 🛠️ Hey tech enthusiasts! Ever stopped to think about what happens before your favorite software hits your desktop or phone? The journey from source code to a polished application is a complex one, and a critical, yet often overlooked, stage is compilation. Today, we’re diving deep into why this stage is a prime target for attackers and how we can fortify it, thanks to some groundbreaking research presented at a recent tech conference. ...

November 24, 2025 · 6 min

How Secure Is Academic Open Source? Insights From the UC OSPO Network - Juanita Gomez

Presenters Juanita Gomez Source OpenSource SecurityCon NA 2025 Unveiling the Security Secrets of Academic Open Source 🛡️: A Deep Dive into UC System Projects Ever wondered about the security of the open source projects born from our academic institutions? Juanita, a PhD candidate at UC Santa Cruz and a dedicated Python community member, recently pulled back the curtain on the open source landscape within the University of California (UC) system. Her groundbreaking research reveals a picture that’s both fascinating and, frankly, a little concerning when it comes to security best practices. Let’s dive into what she discovered! 🚀 ...

November 24, 2025 · 6 min