October 11, 2021
Los Angeles, California + Virtual

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 - Los Angeles, CA + Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Standard Time (PST), UTC -7. The schedule is subject to change.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change through Monday, September 13 due to schedule changes that will be made as speakers finalize whether speaking in person or virtually.

Lightning Talk
Monday, October 11

1:35pm PDT

5G and Challenges with Software Supply Chain Security - Fatih Degirmenci, Ericsson
New technologies such as cloud, containers, and virtual and cloud native network functions have resulted in tremendous advances in the telecommunications industry.
With the help of these new technologies, the 5G networks that are currently being rolled out all around the world are developed rapidly in a heavily disaggregated manner, allowing communications service providers to introduce new services to their users much faster than before.

However, the new technologies and the resulting disaggregation are not without their challenges, and the security of the software supply chain is one of them.
The components that are part of the 5G networks originate from multiple sources, including but not limited to vendors and open source communities, with many integration points, and are deployed into different environments such as public and private clouds, increasing the risk of breaking the chain of trust.

This session will give a short overview of the next generation telecommunications networks, highlight the challenges, and talk about the opportunities to tackle them in a collaborative manner.

Fatih Degirmenci

General Manager, Continuous Delivery Foundation
Fatih joined the Linux Foundation to lead the CDFoundation. Fatih specializes in infrastructure, automation, CI/CD and DevOps and is involved in several CI/CD initiatives across open source as contributor, maintainer, and project technical lead. Before joining the Linux Foundation, Fatih...

Monday October 11, 2021 1:35pm - 1:50pm PDT
Room 403AB + Online Los Angeles Convention Center - 1201 S. Figueroa Street, Los Angeles, CA 90015

1:50pm PDT

PyPI Supply Chain Security - Dustin Ingram, Python Software Foundation
The Python Package Index (PyPI) is one of the oldest software repositories for a language ecosystem and the canonical place to publish Python code. It serves more than 2 billion requests a day, and is almost entirely supported by volunteers and the non-profit Python Software Foundation.

In this talk, we'll review some recent supply-chain attacks and how they relate to PyPI specifically. In addition, we'll take a look at some in-progress projects to make PyPI more resilient, secure and sustainable.

Dustin Ingram

Director, Python Software Foundation

Monday October 11, 2021 1:50pm - 2:05pm PDT
Room 403AB + Online Los Angeles Convention Center - 1201 S. Figueroa Street, Los Angeles, CA 90015

3:20pm PDT

Finding Your Way: A Survey of Supply Chains - Aeva Black, Microsoft
With the explosion of interest in SBOMs, it's likely that you've just heard of a few projects for the first time -- even if those projects aren't new, they may be new to you, and you might be asking yourself, "how is X different from Y?" You might also be wondering which projects you should select in order to satisfy the requirements of the Executive Order!
As when starting out on any journey, before entering unfamiliar territory, it is important to understand the lay of the land, pack the right supplies, and get to know your traveling companions.
In this talk, a few maps of the open source supply chain landscape will be shared. Attendees will gain a sense of both the breadth and depth of the challenges ahead, and learn to identify a few essential types of tools for their journey.

Aeva Black

Open Source Hacker, Microsoft
Aeva Black is an incurably queer geek and veteran of the first dot-com bust. Roaming between startups and Big Tech with ease, Aeva currently works in Azure's Office of the CTO and serves the open source community as the Secretary of the Board for the Open Source Initiative and as...

Monday October 11, 2021 3:20pm - 3:35pm PDT
Room 403AB + Online Los Angeles Convention Center - 1201 S. Figueroa Street, Los Angeles, CA 90015

3:35pm PDT

Vulnerability Supply Chains - Art Manion, CERT Coordination Center
If you've analyzed or responded to software vulnerabilities like BadAlloc, KRACK, or the PROTOS SNMP test suite from 2002, then you've encountered the intersection of vulnerabilities and supply chains. Without supply chain knowledge, multi-party coordinated vulnerability disclosure efforts are largely limited to manual investigation, one-offs, and guesswork. Follow-on activities like vulnerability management and risk assessment are also hindered. To what extent are vulnerabilities in upstream dependencies inherited? What happens when build tools have or create vulnerabilities? How might we effectively perform coordinated disclosure and share supply chain knowledge at scale? What part will SBOM (software bill of materials) play?

Art Manion

Vulnerability Analysis Technical Manager, CERT/CC
Art Manion is a Principal Engineer and the Vulnerability Analysis Technical Manager at the CERT Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University. He and his team coordinate complex vulnerability disclosures, perform in-depth technical...

Monday October 11, 2021 3:35pm - 3:50pm PDT
Room 403AB + Online Los Angeles Convention Center - 1201 S. Figueroa Street, Los Angeles, CA 90015