Bridging the Gap Between Open Source Problems - Communities In Action

Community members from multiple projects, foundations and organizations like Oasis Open, CNCF, OpenSSF, Rust Foundation, and the Continuous Delivery Foundation find themselves working on the same problems, but they are all attacking the issues from different angles. The one thing that is constant is that the community wants to solve the problem but community members find themselves working in silos based on what foundation their respective companies belong to and we feel the community as a whole are missing out on the bigger picture. This talk will show how cross community collaboration can strengthen both communities and foundations by bridging the gap in knowledge, practice and standards the result may help create solutions that are well thought out from multiple vantage points that benefit developers across the board.

Building a Community Bridge Between Java and Open Source Security

Have you ‘shifted left?’ Are you scanning your code for vulnerabilities before you deploy to production? Do you even care? Shifting left as a developer may seem like an annoying task to add to your workflow or you may feel overwhelmed because there are so many ‘security’ products in the marketplace you don’t know what to choose. As a Java developer how do you even get started with the practice of shifting left? That’s where community comes in and becomes the bridge between ‘I know I need to do this,’ and ‘how do I do this.’

The Continuous Delivery Foundation is an open source community improving the world's ability to deliver software with security and speed. This talk will cover how expanding your network to include the CDF will help you shift your thinking and your skills.

Securing Your Software Supply Chain One Open Source Project at a Time

Delivering software fast is one piece of the CI/CD puzzle, but delivering it securely is the glue that keeps your puzzle from falling apart. Software supply chain attacks are on the rise with security exploits directly targeting open source projects, central repositories, and software package managers. The financial industry is not immune to these attacks and now more than ever they need to be working harder to prevent potential attacks. The question then becomes how do you protect your DevOps pipeline?

This is a problem that projects in foundations like the Continuous Delivery Foundation (CDF), OpenSSF, CNCF and OWASP are working to solve.. To help ensure a secure SDLC, these vendor neutral, developer focused communities are investing in projects that provide security solutions. This talk will highlight the importance of securing your software supply chain at the source and how technologists all around the globe are working to solve this problem.

I’ve Started an Open Source Project – Now What!?!

You created a brand new open source project and you know that your project is going to save thousands of developers from going through the same hardships you faced. But how to get the word out about this amazing tool you built and get more user adoption, contributors, maintainers…

This talk will discuss how you can get your project more visibility within the developer community by proposing it to become a part of a foundation. I'll cover the who, what, where, and why of taking your project to the next level and proposing it to a foundation.

What Do You Get If You Cross the CNCF, CDF & OpenSFF? Strenghtening Community through Collaboration

Community members from multiple projects, foundations and organizations find themselves working on the same problems and are attacking the issues from different angles. The cool thing is the community wants to solve the problem. The harsh reality is these groups often find themselves working in silos based on the working group, SIG or foundation they joined. This creates a whole new problem: how do we share findings, reference architectures, resources across the board? This talk will focus on CNCF, CDF and OpenSFF and will demonstrate how cross community collaboration can strengthen both communities and foundations by bridging the gap in knowledge, practice and standards. The result may help create solutions that are well thought out from multiple vantage points that benefit developers across the board whether they are focused on cloud native, continuous delivery or software supply chain security.

This talk covers three Linux Foundations: CNCF, CDF, and OpenSFF and discusses working in silos and the potential opportunities to increase knowledge base and creativity to solve pain points when communication is open and brain trust is shared.

The 5 Ws and H of Open Source Community

The term 'community' is used throughout tech conversations, articles, websites, marketing collateral, etc. The list is endless but what exactly is an open source community? This panel will discuss the 5 Ws: who, what, where, why, when, and the H: how - of open source community. We'll dive into each question and give real world examples of our experience getting to the bottom of 'open source community.' We'll discuss the who, the people that dedicate their time to community, the what: technology and projects, when things go well, why things maybe don't go so well, and how to join and get involved!

5 community leaders will talk about the value of open source community by delving into the reasons why it exists and how it makes the technology ecosystem stronger.

Black Jack! Doubling Down on Open Source

The probability of winning blackjack is 42.22%, and the probability that your company’s enterprise software is using open source components is anywhere between 70-85%. With high risk - XZ Utils Backdoor, SolarWinds, Log4J, etc. comes the opportunity for high rewards - innovation, developer productivity and community happiness! The chance that your company isn’t consuming open source is so low that doubling down on contributing to open source is the safest bet you’ll make. This talk will cover why an effective open source strategy is a win for the community and for your company. We’ll discuss the benefits of having a ‘seat at the table’ and why this is a low risk high reward move.