Securing the Development & Supply Chain of Open Source Software (OSS)

Open Source Software (OSS) is everywhere today. Unfortunately, all software (OSS and not) is under attack. This talk will briefly discuss how OSS is developed & distributed as a supply chain (SC) model, which then gives insights into how OSS is attacked and some countermeasures. We then discuss how OSS developers can develop & distribute secure OSS today, discuss how potential users can select secure OSS (including by looking for those developer practices), and obtain a glimpse at what’s coming in the future.


David Wheeler

Director of Open Source Supply Chain Security @linuxfoundation
Dr. David A. Wheeler is an expert on open source software (OSS) and on developing secure software. His works on OSS include "Publicly Releasing Open Source Software Developed for the U.S. Government" and "Open Source Software is Commercial". He also helped develop the U.S....

Thursday May 20 / 09:10AM EDT (40 minutes)

TRACK Building Secure Systems

TOPICS Security, Programming