Tune in to learn how to securely use open source software using OpenSSF's S2C2F Framework

Ciara Carey

Sales Engineer

Adrian Diglio

Principal PM Manager

Tune in to learn about how to consume open source securely using S2C2F, an OpenSSF framework donated by Microsoft. Our guest is Adrian Diglio who leads the Secure Software Supply Chain team at Microsoft. Gain insights into leveraging the OpenSSF framework, and learn best practices for secure and efficient open source consumption. This webinar is essential for anybody navigating the landscape of open source security.

Consuming Open Source Securely Using S2C2F

Software Supply Chain Securely

Open Source

S2C2F

Join us as we delve into a real-world zero-day supply chain attack and unpack its implications for any org making software

David Gonzalez

Principal Engineer

A Node.js module with nearly two million downloads a week was compromised after the library was injected with malicious code programmed to steal bitcoins in wallet apps. 
Join us as we delve into a real-world zero-day supply chain attack. Understand the response that followed, and how attacks like this can be mitigated. Learn from David Gonzalez, Principal Engineer at Cloudsmith and Member of the Node.js security working group, as he walks us through the incident.

Understanding Zero-Day Vulnerabilities in Software Supply Chain

Security

Software Supply Chain

Understand SLSA 1.0 and adopt a comprehensive checklist of software supply chain security measures

Alison Sickelka

VP of Product

David Wheeler

Isaac Hepworth

Any organization that has taken on the daunting task of securing their software supply chain knows the challenges, pitfalls and caveats that come with implementing security best practices. SLSA 1.0, a community-backed framework that provides a comprehensive checklist of security controls and standards, is here! So what does it mean for you and your organization?

SLSA 1.0 is Here - What Does it Mean for Your Organization?

Join community leaders to discuss DevOps and Software Supply Chain Security trends for the upcoming year, exploring common and unique insights

Dan McKinney

Chris Hughes

Sam Cochran

Join us as we continue our December conversation and discuss our predictions for DevOps and Software Supply Chain Security for the year ahead with community leaders. We will delve into some common and not-so-common opinions and topics you are likely to hear more and more about as the year progresses.

The State of DevOps - A Look Ahead to 2023

Software supply chain

DevOps

Efficiency

Stay updated with software security insights from industry leaders. Join our panel featuring experts from Puppet and Shopify's advanced DevOps teams, addressing your major queries in an evolving landscape of news, regulations, and tools.

Nigel Kersten

Jacques Chester

There is so much information out there about software security. Every day, there seems to be a new news headline, government regulation, or tool promising to “fix it all”. Do you ever wish you could just peek into how some of the industry’s best dev teams are managing this?
We’ve assembled a panel of experts from the mature DevOps teams of Puppet and Shopify to answer some of your biggest questions

How do mature DevOps teams manage software security?

Software supply chain security

Best practices

An overview of EU cybersecurity regulations and why they're relevant to org using open source software

OSS is incredibly positive - without projects like Docker, Kubernetes, Debian, NGINX, Apache, or others, technological innovation would be painfully slow. Its innovation, ease of use, and zero cost meant that nearly every piece of software contains OSS. OSS is everywhere, including data centres, hospitals, e-commerce, phone networks, mobile devices, and power stations. Last year, the Whitehouse issued an Executive Order after the fallout of SolarWinds. This kickstarted the use of SBOMs, a flurry of new projects to protect the supply chain, and the rise of OpenSSF. - How has the EU responded to Critical Threats in OSS? - Are the threats to the EU different from the USA? - The EU is not 1 country but is made up of 27 countries- how does this affect change? - Let’s look at Ireland as an example country in EU and how it is affected by threats to the OSS supply chain and how the EU helps.

The EU's Efforts to Secure Open Source Software

Regulations

Rising software supply chain attacks shape a new norm for developers and security pros. Growing observability helps preempt disruptions. Cloudsmith and invited experts discuss its impact on supply chain security.

Tom Gibson

Claire Burn

Josh Bressers

Frequent software supply chain attacks are becoming the new normal for developers and security professionals everywhere. Even though it’s still relatively new, observability has continued to gain momentum as a way to identify software supply chain issues before they become a major disruption. Having access to the right data at the right time is necessary to make decisions about priorities.
We’ve assembled a panel of experts from software, security, and data to talk about observability and what it means to your software supply chain security.

Secure Your Software Supply Chain Using Observability

Observability

Learn about Software Bill of Materials, their benefits, and how to generate them

Software supply chain attacks using software vulnerabilities remain a key avenue of initial access for attackers.
Organizations had to scramble to find out if critical vulnerabilities like Log4J were running on their systems. In response, Software Bill of Materials or SBOMs are being quickly adopted by enterprises around the globe, so what are they all about? The Linux Foundation research team revealed that 78% of organizations expect to produce or consume the Software Bill of Materials (SBOMs) in 2022.
Watch this session from DevOps Con NYC to learn about this emerging standard, how it can improve the security of your supply chain, open source tools to help you generate and analyze SBOMs and the future of SBOMs.

SBOMs: The New Standard in Supply Chain Security

SBOM

Join the team at Cloudsmith and Luke Hinds (RedHat/Stacklock) to learn essential tips for starting with software supply chain security 

Adil Leghari

Lee Skillen

Luke Hinds