
Keynote: Securing the Development and Supply Chain of Open Source Software

Presentation
This keynote presentation by Derek Weeks of The Linux Foundation was given virtually at DevSecOps Days Washington D.C. 2021 on December 16, 2021.
Publisher

Software Engineering Institute

Abstract

Open Source Software (OSS) is being distributed and consumed today on a massive scale through software supply chains. While OSS delivers tremendous benefit in terms of accelerated development and innovation, it is an increasingly common target of cyber adversaries. Join Derek for a discussion of how OSS is developed, distributed, maintained, and attacked. Derek will reveal insights on how open source projects with 1.5x more frequent releases and 530x faster open source dependency upgrades harness this speed to dramatically improve security within their code. He will also share insights on how high-performance enterprise software development teams simultaneously boost productivity and security, achieving 15x faster deployments and 26x faster remediation of application security vulnerabilities. Derek will then show how you can apply these exemplary practices to stay a step (or more) ahead of your adversaries by sharing a set of best practices and attack countermeasures.

Derek serves as a Senior Vice President at the Linux Foundation, supporting technology segments including DevOps, security, and cloud-native computing. Prior to the Linux Foundation, Derek served as a Vice President at Sonatype, where he focused on open source security and championed research for their annual State of the Software Supply Chain Report and DevSecOps Community Survey, six years running. Derek has been named to the DevOps 100 by TechBeacon, distinguished as the DevOps Evangelist of the Year by DevOps.com, and received the Industry Executive of the Year award from ATARC.