cdCon2021 has ended
Wednesday, June 23 • 3:50pm - 4:20pm
Moving Beyond CVEs: Why We Need a Strong Security Posture in Open Source? - Alice Chen, Armory & Beth Fuller, Themist

At last year's Spinnaker Summit, Beth shared the Security SIG's progress in implementing a Vulnerability Management Process for OSS Spinnaker, and the "why" behind it. Digging more into security has highlighted the importance of implementing and communicating intentional security practices in an OSS project. In this talk, we'll look beyond Spinnaker to explain why having a good security posture means a lot more than just CVEs. What does it look like to shift left in OSS? How does doing so make life easier for the Security Engineer persona? We'll make a case for codifying open source security processes through both automation and governance, and recommend an upstream CI experience to make projects safer and OSS users' lives easier.


Alice Chen

Principal Solutions Architect, Armory
A CI/CD expert, Architect, and Automation engineer with over 15 yrs of experience, Alice helped start the Apache Trafodion project when she worked at HP, and was an OpenStack contributor. She later worked at Informatica as a DevOps Engineer for infrastructure, and currently works...

Beth Fuller

Founder & Head of Product, Themist
Beth (she/her), Head of Product/Spark of Themist, is imagining and building a policy-focused DevOps platform that provides each persona in the software supply chain with a smart, equipped context to get folks up and running quickly, while creating transparency for Security, Finance...

Wednesday June 23, 2021 3:50pm - 4:20pm EDT
  Spinnaker Summit