June 21-24, 2022
Austin, Texas, USA + Virtual
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Wednesday, June 22 • 2:35pm - 3:15pm
What Role Do Package Registries Have in Securing the Supply Chain? - Justin Colannino & Margaret Tucker, GitHub

This interactive session will discuss the important role of package registries in securing the open source software supply chain, as well as best practices and guiding principles for a secure package registry ecosystem. Maintainers have been managing risk in their ecosystems since the start and are the first line of defense for ecosystem code quality. But package registries also have a responsibility to protect developers depending on their package ecosystem and, ultimately, the end-users of the software. This responsibility to maintain safety and reliability must be balanced against the freedom and creativity of package maintainers whose skill, innovation, and gumption allow others to accomplish great things.


Margaret Tucker

GitHub, Policy Analyst
Margaret Tucker is a Policy Analyst at GitHub working on issues including intermediary liability, copyright, and open source security policy. Prior to joining GitHub, Margaret was a Policy Fellow serving the Office of Science and Technology Policy and also worked as a Research Associate...

Justin Colannino

Director, Developer Policy and Counsel, GitHub
Justin has a decade of experience representing clients at the intersection of free & open source software communities and for-profit enterprises. At GitHub, he works advocating for developers' ability to innovate, collaborate, and have equal opportunity. At Microsoft, he is part of...

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Brazos (Level 2)