Session: OSS Supply Chain Security: drowning in information, while starving for wisdom?
Recent attacks and executive orders have brought enormous focus to the state of the software supply chain for open source projects. Long overdue and important security work is starting to land in various critical upstream projects, generating more information about how direct and transitive dependencies are built and what CVEs they might be vulnerable to. In this keynote, Bob will discuss the opportunities and challenges in OSS in the near future where supply chain information may be more widely available but actionable knowledge for developers and operators may still be difficult to obtain.
