logo

What Role Do Package Registries Have in Securing the Supply Chain?

2022-06-22

Authors:   Margaret Tucker, Justin Colannino


Abstract

This interactive session will discuss the important role of package registries in securing the open source software supply chain, as well as best practices and guiding principles for a secure package registry ecosystem. Maintainers have been managing risk in their ecosystems since the start and are the first line of defense for ecosystem code quality. But package registries also have a responsibility to protect developers depending on their package ecosystem and, ultimately, the end-users of the software. This responsibility to maintain safety and reliability must be balanced against the freedom and creativity of package maintainers whose skill, innovation, and gumption allow others to accomplish great things.

Materials:

Post a comment

Related work

Authors: Jesse Sanford, Jason Hall
2022-10-26