Code hygiene is becoming a hot topic in a world where nobody knows who to trust anymore. The days of not understanding what bits you are consuming are long gone. If we’re working with open source, how does this change our supply chain?
Almost every single product and project relies on other projects to function. Everything from image libraries to encryption to basic networking. Many of these likewise depend on other things, it’s turtles all the way down. Just taking random bits of code you find on the Internet can be dangerous if you don’t know what’s in them.
Keeping track of this is no small task. Once you understand what your supply chain there’s a lot more work to do still. Securing that supply chain means keeping an eye on security updates, looking for security problems, keeping the bits fresh, the list goes on.
This session will discuss what a supply chain is, why you should care about what you’re using. Never before has security and open source been so important to so many. We spend time looking at how to solve these problems, lessons learned, and what’s next in order to keep your supply chain secured.
- Securing the supply chain
- Understanding the open source supply chain
- Securing your supply chain
About Josh Bressers
Josh Bressers is a Security Strategist at Red Hat in the Platform BU. He’s been involved in security for more than 15 years, with a heavy focus on open source. Before hanging up the t-shirt for a shirt with buttons, he spent 11 years with Red Hat Product Security, the group responsible for all of Red Hat’s security update. Josh is currently responsible for Red Hat’s security strategy and articulating that strategy both internally and externally.