Sal Kimmich
Open Source Security
London, United Kingdom
Sal is a developer advocate for open source and passionate about helping engineers, ethical hackers and digital enthusiasts understand the complexity of modern software development. With over a decade of experience building cloud-native machine learning pipelines in the healthcare and tech for good sectors, their work is now focused on filling the cracks in the open source software supply chain to build a better digital future for all of us. By day, you'll find Sal working with site reliability engineers, DevOps and cybersecurity specialists to implement the best tools and practices to remove toil from developer workflows. By night, you'll find Sal mentoring the next generation of engineers in cloud computing from around the globe, helping them to make the world a better place through the clever use of math.
Why a Universal definition of 'Open Source AI' is essential for humanity
When the Open Source Definition was created more than a quarter century ago, nobody could anticipate the enormous, multi-trillion-dollar market formation effect it would have on the IT industry. AI is now entering an era when it isn’t just an application of computing but rather a radically different way of engineering computational systems. If we want these novel computational systems to be built in the same collaborative setting we are used to, we need to be extra smart about what parts of our open source legacy we take into the future and what parts we need to reinvent. In short, we need a level-setting, cross-industry definition of an “Open Source AI”. This session will cover topics ranging from the impact of Generative AI to the fact that the traditional view of open source code implementing AI algorithms may not be sufficient to guarantee inspectability, modifiability and replicability. We will touch upon ongoing government efforts to create policies regulating AI and, more specifically, OSS AI proliferation. While the panel will mostly focus on the results and lessons learned from the OSI’s Deep Dive in AI, we will also cover similar efforts by the Apache and Linux Foundations.
Where we are with "SBOMs Everywhere": Some Hard Challenges for a Simple Mandate
An SBOM, or Software Bill of Materials, provides a clear and accessible reference for all open source software components in your software. This isn’t just a central location to understand how information and dependencies flow within your architecture; it is crucial to proactively addressing cybersecurity risks in real time. While simple to understand as an operational mandate, technical implementation has surfaced fascinating differences in the ways we deliver software, from cases like BuildRoot to Cloud Computing Machine Learning. This talk will give you a better understanding of the why and how behind SBOMs for different architectures, resources to automate your SBOMs, and how verified metadata is crucial to the secure globalisation of Open Source.
Turtles All The Way Up: Harnessing Applied Category Theory for Cloud Native Innovation
In a rapidly evolving cloud native landscape, staying ahead of the curve is crucial for businesses aiming to navigate and succeed in the digital realm. Join us as we tap into the potential of Applied Category Theory (ACT) in empowering developers to leverage cloud native technologies like never before. With a focus on education and practicality, this talk will inspire developers of all skill levels to embark on a transformative journey. From memory safety and compiler design to quantum computing and cybersecurity, this talk will unravel the mysteries and complexities of ACT in a language accessible to all developers. We'll focus on how ACT facilitates a holistic approach to software design and verifiable, telemetry-based regulation, from hardware to high-level languages, empowering you to build robust, efficient, and secure systems. Be prepared to embark on an exhilarating voyage as we explore real-world case studies, industry best practices, and the future of cloud native innovation.
From Earth to Orbit: The Journey of Linux in Space
Explore the remarkable journey of Linux from terrestrial applications to its crucial role in space missions. This talk will highlight key milestones in how Linux has been adapted for use in space, discussing both technical advancements and the broader implications for the open source community. Discover how Linux is not only a tool for exploration but also a testament to the power of open source collaboration in pushing the boundaries of what's possible.
Decoding Trust: An Exploration in Confidential Computing
This session demystifies the concept of trust in the realm of confidential computing. We delve into the formal definitions and frameworks that underpin trust in this field, examining how they are applied and how they vary across confidential computing environments. By dissecting case studies and current research, we uncover the intricate balance between technology, policy, and human factors that shapes trust. Join us to gain a deeper understanding of what 'trust' truly means when considering hardware-level attestation of software systems.
Culture Clash: Why DevOps, SRE and Cybersecurity teams have different motivations
The most beautiful thing about SRE is your error budget, but in cybersecurity, error budgets just can’t happen when a critical vulnerability is found in what we call “zero day” events. Here we’ll talk about shared SLOs that serve to keep source code running, while keeping vulnerabilities out.
Confidential Computing: The Art of Invisible Conversations in a Digital World
In the dynamic world of open technology, where data flows as freely as conversations in a crowded room, ensuring privacy and security is paramount. In this talk we explore how Trusted Execution Environments (TEEs) are evolving to create secure, invisible spaces for sensitive data processing. We'll illustrate how confidential computing safeguards information in government and public policy sectors. Attendees will gain insights into the intricate balance of openness and security, understanding the critical role of TEEs in protecting a digital dialogue of algorithmic assets.
Better, Faster, Stronger: How Global Acceleration of OS Development is Changing Ecosystems for Good
The last decade was coined a “pre-Cambrian explosion” for open source: ecosystem contribution models were still rapidly evolving to support a booming global community of developers both engaging in, and relying on, open source projects.
As we move into a new era of Open Source, we’re observing an exponential increase in the rate of OS project releases. This is both a technical and cultural change: tooling, automation and a growing awareness of next-generation cybersecurity in open source all play a role in this acceleration. As these globalized developer communities continue to build new and valuable features, automated analysis of best-choice versioning is essential to keeping pace with the open source supply chain.
In this talk you’ll learn the best practices for automating decision making around release versions for OS projects, and why a simple SBOM can help you to measure, predict and avoid bleeding-edge supply chain security attacks.
SOSS Fusion 2024 Sessionize Event