Upstream is next week—June 7!—and wow, our schedule is shaping up brilliantly. Over the next few weeks we’ll share more details about the amazing speaker lineup. RSVP now!
One idea that runs clearly through many of our talks at Upstream this year is the absolute need to make this open source supply chain less accidental. No one can deny that there has been an increasing number of cybersecurity threats—think Log4Shell, SolarWinds, the attack on the Colonial Pipeline.
And in the wake of these cybersecurity threats, government and industry alike are developing new standards, requirements, and guidelines that they expect open source software to meet.
The good news: this increased attention on open source software security will hopefully produce more resilient software. The bad news: Who exactly do we expect to do that work? The unpaid volunteer maintainer who finds themselves a part of an accidental supply chain?
That’s why having Allan Friedman join our lineup of keynote speakers at Upstream is vital. Allan Friedman is Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency. He coordinates the global cross-sector community efforts around software bill of materials (SBOM).
Allan was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics. Prior to joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard’s Computer Science department, the Brookings Institution, and George Washington University’s Engineering School. He is the co-author of the popular text Cybersecurity and Cyberwar: What Everyone Needs to Know, and has a C.S. degree from Swarthmore College and a Ph.D. from Harvard University.
We’re excited to hear directly from Allan on how he views the topic of the accidental supply chain.