<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=705633339897683&amp;ev=PageView&amp;noscript=1">

Upstream preview: Life after the xz utils backdoor hack

Kristina Kaldenbach
by Kristina Kaldenbach
on May 29, 2024

Updated on May 31, 2024

Don't miss the latest from Tidelift

Upstream is next week on June 5, and wow, our schedule is shaping up brilliantly. For the rest of this week, we’ll be giving you a sneak preview into some of the talks and the speakers giving them via posts like these. RSVP now!

In late March, our industry dealt with yet another attack on a popular open source project; this time, in the Linux-level package used for file compression called xz utils

What was most sinister about this attack, though, was how deeply it impacted trust within the open source community. The attacker spent years engineering multiple sock puppet accounts to gain the trust of the volunteer xz utils maintainer. The reality is that life for those who create and use open source after xz is going to get tougher. 

In this panel moderated by Tidelift VP of product Lauren Hanford, we’ll talk to Josh Bressers of Anchore; Jordan Harband, prolific Javascript maintainer; Rachel Stephens from RedMonk; Shaun Martin, IT and security management consulting principal from BlackIce; and Terrence Fletcher from Boeing to get a diverse mix of perspectives on how this changes the landscape of open source software supply chain security.

If this conversation peaks your interest, be sure to join us at Upstream on June 5!

RSVP now

About the panelists 

  • Rachel Stephens is a senior analyst with RedMonk, a developer-focused industry analyst firm. She focuses on helping clients understand and contextualize technology adoption trends, particularly from the lens of the practitioner. Her research covers a broad range of developer and infrastructure products.
  • Shaun Martin is the IT and security management consulting principal at BlackIce. She has more than 23 years of experience in the IT security, risk, and compliance operations space. Her goal is to build and cultivate inclusive work environments where people can grow and thrive equally. 
  • Josh Bressers is vice president of security at Anchore where he guides security feature development for the company’s commercial and open source solutions. He is a co-lead of the OpenSSF SBOM Everywhere project, and is a co-founder of the Global Security Database project at the Cloud Security Alliance.
  • Jordan Harband is an open source maintainer, specifically in JavaScript, and the principal open source architect at HeroDevs. He's also a web application developer, database administrator, network engineer, teacher, childcare—he wears many hats. His focus is JavaScript, standards, frontend web development, full stack (frontend + backend + db) architecture design, and overall object oriented code optimization. 
  • Terrence Fletcher is a product security engineer at the Boeing Company where he specializes in vulnerability management, attack surface profiling, and threat intelligence integration. He has over two decades of experience in IT and security, with a strong focus on the defense and intelligence sectors.
New call-to-action