Under the high patronage of His Majesty King Mohammed VI may god assist him 🇲🇦
October 2 - 4 - Devoxx Morocco 2024 🇲🇦

Talk details

One of the most neglected parts of application security is the ingredients that go into developing software. Over 80 percent of code used in enterprise applications comes from open source dependencies, but how much attention goes towards the provenance and security of those packages? And in the pursuit of accelerated software development, developers are leveraging more and more libraries and also code “created” by generative AI algorithms, so how do you prevent defects or malicious payloads from compromising your security?
This is analogous to a restaurant where you invest in modern decor, professional chefs, and world-class service. But if you don’t get fresh, quality ingredients delivered daily, the taste and hygiene of the food will suffer and the restaurant won’t be successful. Securing the software supply chain is a huge undertaking for the entire tech industry, and we will talk about some of the ongoing efforts by open source projects, foundations, and corporations to help us all know our ingredients.
Stephen Chin
JFrog
Stephen Chin is VP of Developer Relations at JFrog and is an avid, participating member of the developer community. He is founder of the Pyrsia open source project, which is a CDF incubating project, written in Rust, and designed to improve supply chain security leveraging next generation technologies. He has also authored several books including The Definitive Guide to Modern Client Development, Raspberry Pi with Java, Pro JavaFX Platform, and most recently DevOps Tools for Java Developers.
Chin supports and advocates on behalf of developers in his roles as chair of the CDF governing board, and as a board member of the CNCF, OpenSSF, and Rust Foundations. He is a featured keynote speaker about DevOps and security for global conferences including swampUP, Devoxx, DevNexus, JNation, JavaOne, Joker, and Open Source India. Combining Chin’s passion for tech and motorcycling has resulted in evangelism tours in Europe, Japan, and Brazil, interviewing hackers in their natural habitat.
His love for coding and developers has been passed down to his daughters, who teach kids to code at events like CNCF Kids Day, Devoxx4Kids, OSCON, and Black Girls Code.