European Commission
PLENARY 4 : Securing the Open-Source Frontier: Navigating Supply Chain Risks
Open-source components are literally everywhere in digital infrastructure, products and services. The modern ecosystem offers a wealth of advantages for an open-source software developer, enabling fast, permission-less innovation. However, incorporating third-party code, even from trusted sources, introduces an element of uncertainty. This uncertainty is precisely where supply chain attacks come into play, and it underscores the need for a proactive approach to security.
When contributing to or relying on open-source or any software development projects, it is essential to consider the integrity of the entire supply chain and ensure that all contributors across the chain adhere to best security practices. Collaborative efforts within the open-source community, such as code audits and timely updates, are essential in maintaining a robust defence against supply chain threats.
The panel will bring together experts in the area of software supply chain, open source and the software industry. It will discuss how open source empowers developers, but also obliges them to be vigilant guardians of the software supply chain and how, balancing the benefits with the risks, security measures are essential to uphold the trust placed in open-source development.
Moderated by Mirko Presser, Associate Professor, Aarhus University
Philippe Ombredanne is a FOSS hacker on a mission to make it easier and safer to reuse FOSS code. He is the maintainer of ScanCode, the industry-standard licence detection tool, and of other open-source tools for software composition analysis and licence & security compliance at AboutCode.org.
Philippe is the project lead in two supply chain projects funded by NGI0: FOSS Code Supply Chain Assurance, which is building a new system to help verify the integrity of deployed code packages and validate their origin against external data sources, with the potential to mitigate attacks on open-source package supply chains, for example by detecting whether a package in use matches verified code through exact and approximate matching of sources and binaries; and the Free Software Vulnerability Database, which is a resource set up to aggregate software updates.
SME
We are on a mission to make it easier to reuse free and open source software to build better apps and systems, faster and more efficiently. For this we are creating best-in-class open source tools and open data for software origin, license and security determination to help secure your software supply chain.
Catarina Pereira is a Senior Dissemination and Communication Specialist at Martel Innovate BV. Catarina's career path started with marketing account management and press consultancy. Before joining Martel, she worked as a Dissemination and Communication team leader and project manager for many Horizon 2020 and Horizon Europe projects on several topics, while co-writing proposals and training her team in Dissemination and Communication management. Currently at Martel, Catarina leads the Communication Task Forces of EUCloudEdgeIoT.eu and Next Generation Internet.
Catarina has a degree in Languages Applied to Business Relations and a bachelor's degree in Communication Sciences from the University of Porto. She speaks Portuguese, Spanish and English.
Corporate
Martel is a dynamic Swiss-based consultancy with more than 20 years' experience managing innovation projects across Europe and worldwide.