logo
securityArticlesConferencesPresentations

Panel Discussion: Summing Up the Summit: OpenSSF’s May 2022 Gathering and Action Plan

Conference:  SupplyChainSecurityCon 2022

2022-06-22

Authors:   David Wheeler, Brian Behlendorf, Trey Herr, Amelie Koran

Summary

The panel discussion summarizes the OpenSSF summit held in May 2022, which aimed to develop a mobilization plan for securing the open source ecosystem. The discussion focuses on the attitudes and progress of open source software security in the federal government and the input of developers and maintainers to the OpenSSF summit and mobilization plan.
  • The panelists introduce themselves and their backgrounds in technology and policy.
  • The Cyber Statecraft Initiative at the Atlantic Council has been working on software supply chain issues since 2019 and is collaborating with OpenSSF to bring more policy attention to open source security.
  • The OpenSSF mobilization plan includes ten work streams that prioritize different areas of open source security.
  • The panelists discuss the importance of prioritization and government demand signals in the mobilization plan.
  • The panelists also emphasize the need for more community engagement and volunteer contributions to the work streams.
  • The panelists reflect on the historical context of open source security and the usefulness of an S-bomb in incident response.
The panelists recall the Heartbleed incident in 2014 as a wake-up call for the importance of open source security. The literacy of open source software has increased over time, but there is still a need for more awareness and engagement from both government and community stakeholders.

Abstract

Join representatives from the Atlantic Council’s Cyber Statecraft Initiative and OpenSSF for a discussion about the summit held by OpenSSF in Washington DC on May 12 and 13, assembling representatives from industry and government to develop its mobilization plan for better securing the open source ecosystem. This discussion will pay special attention to attitudes toward and progress on open source software security in the federal government and the input of developers and maintainers to the OpenSSF summit and mobilization plan.
Materials:
Tags:
Open Source
software security
federal government
Developers
maintainers

Post a comment

Related work

Cloud Native Security Landscape: Myths, Dragons, and Real Talk - Edd Wilder

Conference:  Cloud Native SecurityCon North America 2023
Authors: Edd Wilder-James, Kim Lewandowski, Isaac Hepworth, Loris Degioanni, Randall Degges

Building Cyber Security Strategies for Emerging Industries in Sub Saharan Africa

Conference:  BlackHat USA 2020
Authors:
2020-08-06