Panel: Life after the xz utils backdoor hack
12:35 PM - 1:20 PM EST
In late March, we all dealt with yet another attack on a popular open source project; this time, in the Linux-level package used for file compression called xz utils. What was most sinister about this attack, though, was how deeply it impacted trust within the open source community. The attacker spent years engineering multiple sock puppet accounts to gain the trust of the volunteer xz utils maintainer. In this panel moderated by Tidelift VP of product Lauren Hanford, we’ll talk to Josh Bressers of Anchore; Shaun Martin of BlackIce; Jordan Harband, prolific Javascript maintainer; Rachel Stephens from RedMonk; and Terrence Fischer from Boeing to get a diverse mix of perspectives on how this changes the landscape of open source software supply chain security.
Fireside chat: How a large Canadian telecommunications organization built an OSPO
2:15 PM - 2:35 PM EST
When this Canadian telecommunications’ corporate security team came up with directives and policies, they realized that many of these security directives were around open source—and there was no shared foundation in IT on how to follow them. There was no support, tooling, guidance around licensing. This was back in 2019, long before Log4Shell shook the world. This telecommunications company knew that they wanted to leverage the strategic advantages of open source to compete in the telecom market, so they decided to build a process around open source internally, and the OSPO was created. In this fireside chat, Tidelift VP of product Lauren Hanford sits down with Aisha Gautreau, who leads the OPSO at this large Canadian telecommunications company, to hear about the journey of this nascent OSPO and what advantages they have leveraged so far.
