The importance of maintaining a secure software supply chain and mitigating the risk of personnel attrition in DevOps and cybersecurity
- Trust is hard to establish in the DevOps ecosystem, especially for solo maintainers
- Invest in engineering resources and ensure personal security to mitigate the risk of hacks and attacks
- Bring other people into the inner circle and the maintainer track to share responsibilities and prevent catastrophic attrition
- Create processes to mitigate the lottery factor for solo maintainers
- Maintainers are the secure software supply chain and are critical to preventing bad middleware and potential CVEs
- The story of npm event-stream and the crypto bandit illustrates the importance of single maintainers in the broader secure software supply chain
John McBride is the single maintainer of Cobra, a Go command-line bootstrapping library and a core dependency of many CNCF projects, including Kubernetes, Helm, etcd, Istio, Linkerd, and many more. John will discuss the challenges of being a single maintainer on such an important project, the lottery factor, the need for a contributor community, and the secure software supply chain implications this has for the entire CNCF ecosystem.