Upstream is next week on June 5, and wow, our schedule is shaping up brilliantly. For the rest of this week, we’ll be giving you a sneak preview into some of the talks and the speakers giving them via posts like these. RSVP now!
These days, secure by design is a fundamental concept in software development and security—it’s crucial in the open source software supply chain. The secure by design model typically involves rigorous vetting of the software an organization ingests, vulnerability prevention, transparency (such as Software Bills of Materials, or SBOMs), and a general responsibility for the security and maintenance of an organization’s software applications. With those components in mind, it’s no wonder that open source software plays a critical role.
Recently, Tidelift signed the Cybersecurity and Infrastructure Security Agency (CISA) Secure by Design pledge. This Secure by Design pledge event, publicly held at the RSA conference in San Francisco on May 8th of this year, brought together companies and industry leaders to declare their efforts to work towards a more secure software supply chain, all while publicly documenting their progress.
This industry-wide effort to improve the nation’s cybersecurity is a promising step towards building security into our technology products proactively, rather than bolting it on as an aftermarket capability, and we’re so excited to announce that we’ll be welcoming two of CISA’s leading cybersecurity experts at Upstream this year!
Aeva Black, Section Chief for Open Source Security at CISA, and Jack Cable, Senior Technical Advisor at CISA, will be breaking down the details of Secure by Design, how it’s inspired by historical design-first initiatives, and how CISA is working with industry leaders to proactively improve businesses’ cybersecurity practices while working with and seeking feedback from the open source community.
Tidelift CEO and co-founder Donald Fischer hosts, and together they will be discussing next steps, desired outcomes, and how organizations can start securing the future of the software supply chain by working side-by-side with open source maintainers. If you’re looking to learn more about how the Secure by Design initiative was shaped and the actions organizations can take to start their journey into open source, you won’t want to miss this talk at Upstream on Wednesday, June 5.
Aeva Black is the Section Chief for Open Source Security at the U.S. Cybersecurity and Infrastructure Security Agency, and an open source hacker and international public speaker with 25 years of experience building digital infrastructure and leading open source projects. They previously served on the OpenSSF Technical Advisory Committee, OpenStack Technical Committee, Kubernetes Code of Conduct Committee, and led open source security strategy within the Microsoft Azure Office of the CTO. In their spare time, Aeva serves on the Board of the Open Source Initiative and enjoys riding motorcycles and supporting the local LGBTQ+ community.
Jack Cable is a Senior Technical Advisor at CISA, where he helps lead the agency's work on open source software security and Secure by Design. At CISA, Jack authored CISA's Open Source Software Security Roadmap and has co-led community efforts to standardize the security of package repositories. Prior to that, Jack worked as a TechCongress Fellow for the Senate Homeland Security and Governmental Affairs Committee, advising Chairman Gary Peters on cybersecurity policy, including election security and open source software security. There, Jack was the principal author of the Securing Open Source Software Act. He previously worked as a Security Architect at Krebs Stamos Group. Jack also served as an Election Security Technical Advisor at CISA, where he created Crossfeed, a pilot to scan election assets nationwide. Jack is a top bug bounty hacker, having identified over 350 vulnerabilities in hundreds of companies. After placing first in the Hack the Air Force bug bounty challenge, he began working at the Pentagon’s Defense Digital Service. Jack holds a bachelor’s degree in Computer Science from Stanford University and has published academic research on election security, ransomware, and cloud security.