June 21-24, 2022
Austin, Texas, USA + Virtual
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central Daylight Time (UTC -5).

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Global Security Vulnerability Summit (GSVS)
Thursday, June 23
 

2:05pm CDT

Securing Open Source Software - End-to-End, at Massive Scale, Together - Christopher R Robinson, Intel & Anne Bertucio, Google
Open source software is a significant part of the core infrastructure in most enterprises in most sectors around the world and is foundational to the internet as we know it. It also represents a massive and profoundly valuable attack surface. Each year more lines of source code are created than ever before - and along with them, vulnerabilities. In this presentation, we’ll share key lessons learned in our experience coordinating the industry-wide remediation of some of the most impactful vulnerabilities ever disclosed, present a threat model of the many unmitigated challenges to securing the open source ecosystem, share new data which illustrates just how fragile and interdependent the security of our core infrastructure can be, debate the challenges to securing OSS at scale, and speak unspoken truths of coordinated disclosure and where it can fail. We will also discuss the Open Source Security Foundation (OpenSSF) and share guidance for how members of the security community can get involved and contribute meaningfully to improving the security of OSS - especially through coordinated industry-wide efforts.

Speakers

Anne Bertucio

Open Source Programs Office, Sr Manager, Google
Anne leads program development in Google’s Open Source Programs Office (OSPO). The Program Development Team helps teams at Alphabet develop, contribute to, and release open source software with an eye towards strategy, sustainability, and the spirit of the Open Source Definition...

Christopher (CRob) Robinson

Director of Security Communications, Intel
Christopher Robinson (aka CRob) is Director of Security Communications at Intel Product Assurance and Security. CRob is a 42nd level Dungeon Master and a 25th level Securityologist. CRob has been involved in upstream open source security for a decade, and spent 6 years helping lead...


Thursday June 23, 2022 2:05pm - 2:45pm CDT
Brazos (Level 2)

4:55pm CDT

An Econometric Examination of Cybersecurity Vulnerabilities in Open Source Software Comprising Critical Internet Infrastructure - Bryan Boots, PhD Student
This presentation describes corollary evidence suggesting that, despite many high-profile examples in recent years of vulnerabilities discovered in open source software used by millions of people around the world, there continues to be an under-investment in security for open source projects as compared to proprietary ones.

The study uses a public data source to perform an econometric analysis of bug bounties that were paid for discovery of software vulnerabilities. The study compares the amount and frequency of bounties paid for a sampling of open source critical Internet infrastructure projects (such as the Nginx server) and a sampling of proprietary Internet infrastructure projects, and finds a statistically relevant difference between the two.

The presentation discusses possible explanations for why this is the case, drawing from economic theory, and provides direction for future research related to the subject.


Speakers

Bryan Boots

PhD Student, Colorado State University
Bryan is a PhD candidate in Systems Engineering with Colorado State University. He will defend his dissertation, titled "Systems for improving trust and security on the Internet", in late 2022. His research interests include network science and complex adaptive systems, and their...



Thursday June 23, 2022 4:55pm - 5:35pm CDT
Room 205 (Level 2)
 
