We’re excited to see you all next week in Vancouver for OSSummit NA. Open Source Summit is one of the largest gatherings of open source developers and leaders. The event features a diverse set of tracks and many adjacent co-located days for attendees to choose from.
In particular, we’re excited for SupplyChain Security Con as part of the main conference. You can also catch us speaking at OpenSSF Day, cdCon and SPDX 3.0 Tooling Mini Summit.
Open Source Summit NA | May 10 – 12
Open Source Summit is the place to be for everyone involved in open source. We’re looking forward to collaborating on technologies and issues affecting open source security right now.
Make sure you check out the SupplyChainSecurityCon track on May 11 & 12; it features all our favorite projects and topics (SLSA, Sigstore, SBOMs), including real-world use cases. We were thrilled to be able to contribute to making Javascript secure by default and we look forward to this session with Trevor Rosen and Zach Steindler of Github on the lessons learned from Npm's Sigstore integration.
Wednesday, May 10
1:40pm PT: Ask the Expert: Tracy Miranda, Chainguard
Sit down with Tracy to gain knowledge 1:1 and ask all your pressing questions about Software Supply Chain Security, Sigstore, SBOM & SLSA. No sign-up necessary— just stop by the round tables in the West Level 1 (Ocean Foyer).
OpenSSF Day | May 10
Wednesday, May 10
12:05pm PT: What's New in the World of SBOMs?
Join our very own Adolfo ‘Puerco’ Garcia Veytia as he joins an esteemed panel to give you all the latest on SBOMs.
cdCon + GitOpsCon | May 8 – 9
Tuesday, May 9
12:40pm PT: Tekton Project Summit - Andrea Frittoli, IBM & Billy Lynch, Chainguard
4:30pm PT: Identity-based Source Integrity with Gitsign - Billy Lynch, Chainguard
SPDX 3.0 Tooling Mini Summit | May 9
This event will gather tooling operators and focus discussion around the new SPDX 3.0 model and specification as it pertains to tools that generate and consume SPDX documents. Topics will include SPDX 3.0 overview, migration from 2.x, profiles for license compliance, security and AI use cases, OpenVEX and more.
If you are a tooling operator, maintainer or developer interested in the best way to utilize the SPDX 3.0 specification, particularly in the wake of the Biden Administration's Executive Order 14028, this event is for you! Details here.
We hope to see you at these events next week! Message us on social media to let us know if you’ll be attending. We’d love to connect and talk about being secure-by-default with core OSS projects we support like Sigstore, Kubernetes, Wolfi & more!
