Adriana Groh is a co-founder of the Sovereign Tech Fund, a new programme with the German Federal Ministry for Economic Affairs and Climate Action set up to invest in open digital infrastructures. Previously, she developed a project on digital sovereignty, participation and data commons at The New Institute in Hamburg, and was director of the Prototype Fund, an innovation fund of the Open Knowledge Foundation and the German Federal Ministry of Education and Research.
Her interest lies in applying democratic principles to the field of innovation and digitalisation, which led her to co-initiate several tech projects, such as a chat app for the 2017 and 2021 federal elections in Germany and the #WeVsVirus Hackathon 2020, which saw close to 30 000 participants involved.
Local/national government
The Sovereign Tech Fund supports the development, improvement and maintenance of open digital infrastructure. Our goal is to sustainably strengthen the open source ecosystem. We focus on security, resilience, technological diversity, and the people behind the code.
PLENARY 4: Securing the Open-Source Frontier: Navigating Supply Chain Risks
Open-source components are literally everywhere in digital infrastructure, products and services. The modern ecosystem offers a wealth of advantages for an open-source software developer, enabling fast, permission-less innovation. However, incorporating third-party code, even from trusted sources, introduces an element of uncertainty. This uncertainty is precisely where supply chain attacks come into play, and it underscores the need for a proactive approach to security.
When contributing to or relying on open-source or any software development projects, it is essential to consider the integrity of the entire supply chain and ensure that all contributors across the chain adhere to best security practices. Collaborative efforts within the open-source community, such as code audits and timely updates, are essential in maintaining a robust defence against supply chain threats.
The panel will bring together experts in the area of software supply chain, open source and the software industry. It will discuss how open source empowers developers, but also obliges them to be vigilant guardians of the software supply chain and how, balancing the benefits with the risks, security measures are essential to uphold the trust placed in open-source development.
Moderated by Mirko Presser, Associate Professor, Aarhus University
Anthony Harrison is an experienced independent consultant from the UK delivering and securing mission critical systems. He founded and is currently the director of APH10, a consultancy focused on helping organisations manage software risks more effectively.
He has been involved in promoting the software bill of materials (SBOM) since 2021 as a way of supporting vulnerability management, and has taken part in various working groups related to SBOM, including the SBOM Forum, SPDX Defects and the OpenSSF SBOM Everywhere initiative.
Anthony has also been actively promoting open-source for many years and regularly contributes to an increasing number of related projects.
Start-up
APH10 was founded in 2022 to help organizations identify, assess, and mitigate software risks, especially those related to security and resilience.
It is currently developing a product to reduce the time and effort required to assess and manage software vulnerabilities by providing an automated process which prioritises the vulnerabilities.
PLENARY 4: Securing the Open-Source Frontier: Navigating Supply Chain Risks
Described by Forbes as one of the ‘21 leaders of change’ in 2021, Irene Hernandez is an entrepreneur, sought-after speaker and educator, who has cemented her work in the world of cybersecurity and blockchain technologies. As the founder and CEO of GATACA, she is defining a new decentralised identity architecture for the internet, empowering individuals and businesses to take control of their data and safeguard their privacy.
Irene is a seasoned professional with over 15 years of experience advising multinational corporations on IT strategies, bringing an in-depth understanding of the challenges facing today’s digital world. Her research on decentralised identity technologies and self-regulated energy financing systems at MIT, where she earned an MBA, has earned her recognition as a thought leader in the industry.
Start-up
Gataca is a cybersecurity company and a leader in decentralized identity management technology. Its mission is to develop highly secure digital identities that are privacy-preserving, user-friendly, and effortlessly integrated into existing systems. Since its inception at MIT in 2017, Gataca has developed a decentralized identity solution that streamlines the issuance, verification, and management of identity credentials in a simple, compliant, and secure manner, positioning itself as the most mature full-stack platform and interoperable infrastructure provider.
PLENARY 4: Securing the Open-Source Frontier: Navigating Supply Chain Risks