Stacey Potter
Community Manager, OpenSSF
New York City, New York, United States
Stacey brings extensive experience in open source community building, marketing, and event coordination. With a background spanning projects like Minder, Flux and Flagger, OpenFeature, and Keptn, she has played a key role in fostering engagement and driving adoption across cloud-native and open source security ecosystems.
Security Things: How OpenSSF’s Technical Initiatives Keep You Safe from the Upside Down!
As a sister foundation to the Continuous Delivery Foundation (CDF) under the auspices of The Linux Foundation, the Open Source Security Foundation’s (OpenSSF) mission is to make it easier to sustainably secure the development, maintenance, release, and consumption of open source software (OSS). This includes fostering collaboration within and beyond the OpenSSF, establishing best practices, and developing innovative solutions.
In this hour-long session, we’ll connect real problems to OpenSSF solutions, then invite OpenSSF Working Group Leads and Project Maintainers to demo their respective projects in short lightning rounds that show you how they’ll make your DevOps, CI/CD, or Platform Engineering lives easier to secure!
Bring Your Lunch, We'll Bring Our Notebooks: Securing Software Workflows
Somewhere along the way, the security ecosystem started asking you to add more steps, update more plugins, and generate more outputs without asking what that actually costs you.
We asked for feedback during a lunchtime session at cdCon last year. The feedback was blunt, honest, and exactly why we are back for this open-floor discussion hosted by the OpenSSF Developer Relations (DevRel) community. No slides, no demos, no pitches. This is a no-shame venting session with purpose; bring your lunch, your coffee, and your honest feedback. We want to hear from the people implementing and operating these tools. Share where security tools are missing the mark and what's standing between "this is a good idea" and "this is actually working for us."
This session leads directly into sessions with OpenSSF project maintainers, so the people who can act on your feedback will already be in the room.
Supply Chain Reaction: A Cautionary Tale in K8S Security
Your Kubernetes cluster seems bulletproof: network policies, mTLS, no external API access, GitOps workflows, and automated CI/CD. But you're still vulnerable.
This talk follows a real-world attack where a hacker bypasses traditional defenses through supply chain exploits: poisoned commits, tainted build tools, malicious images, and backdoored dependencies. A diligent DevOps engineer struggles to keep up.
But this isn’t just a tale of doom. Each attack vector is met with a practical counter using OpenSSF projects: Sigstore for image signing, SLSA attestations for build security, OpenVEX/SBOM for dependency protection, and gittuf for source control.
This session highlights how hardening the supply chain transforms into defense-in-depth without burdening the developer.
Takeaways include:
- How supply chain attacks bypass secure K8s setups
- Actionable implementation and enforcement of OpenSSF tooling, coordinated through the OSPS Baseline
- Practical CI/CD and GitOps integrity improvements
OpenSSF Community Day North America 2026
Open Source Summit + Embedded Linux Conference North America 2026