Philly ETE 2023 — An Open Book Test: Securing Open Source Software With OpenSSF’s Scorecard — Stephen Augustus

by
Tags:
Category:




Abstract

In recent years, pervasive software supply chain attacks have shined a bright light on the long-term sustainability of our open source ecosystems, including attention from enterprises and government agencies across the world.

So if you use, contribute to, or maintain open source software, how can you help?

Use OpenSSF Scorecard!

Scorecard is a tool to help analyze the security posture of open source projects.

In this talk, you’ll learn about how Scorecard works, how it can improve the projects you use, and how YOU can contribute to making our software ecosystem a more secure place.

About Stephen Augustus

Stephen is a Black engineering director and leader in open source communities.

He is the Head of Open Source at Cisco, working within the Strategy, Incubation, & Applications (SIA) organization.

For Kubernetes, he has co-founded transformational elements of the project, including the KEP (Kubernetes Enhancements Proposal) process, the Release Engineering subproject, and Working Group Naming. Stephen has also previously served as a chair for both SIG PM and SIG Azure.

He continues his work in Kubernetes as a Steering Committee member and a Chair for SIG Release.

Across the wider LF (Linux Foundation) ecosystem, Stephen has the pleasure of serving as a member of the OpenSSF Governing Board and the OpenAPI Initiative Business Governing Board.

Previously, he was a TODO Group Steering Committee member, a CNCF (Cloud Native Computing Foundation) TAG Contributor Strategy Chair, and one of the Program Chairs for KubeCon / CloudNativeCon, the cloud native community’s flagship conference.

He is a maintainer for the Scorecard and Dex projects, and a prolific contributor to CNCF projects, amongst the top 40 (as of writing) code/content committers, all-time.

In 2020, Stephen co-founded the Inclusive Naming Initiative, a cross-industry group dedicated to helping projects and companies make consistent, responsible choices to remove harmful language across codebases, standards, and documentation. He leads the Community/Open Source workstream and maintains the initiative’s infrastructure.

He has previously held positions at VMware (via Heptio), Red Hat, and CoreOS.

Stephen is based in New York City.

About the Conference

The Philly Emerging Technologies for the Enterprise (ETE) is the Mid-Atlantic’s premier developer’s conference. Entering its 17th year, we’ve brought world-class speakers — including some local favorites — to speak about leading-edge technologies being used today, and emerging technologies that will be important for attendees to know about in the near future.

Watch More

Check out our YouTube playlist to watch all the talks from Emerging Technologies for the Enterprise 2023.