Loading…
June 23 - 25, 2025
Denver, Colorado
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Mountain Daylight Time (UTC/GMT -6). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
← Back to schedule
Whoops! I Accidentally Leaked My Cloud Keys - Eve Martin-Jones & Hayden Blauzvern, Google
Tuesday June 24, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2F
Leaked credentials aren't a new problem, but the primacy and complexity of Cloud environments means that leaked credentials are more likely than ever to be your problem. Not only that, but recent research has shown that it may only be a matter of seconds between a leak and an exploit. As the systems for developing, building, publishing and deploying applications become more sophisticated, the types of leaks developers need to guard against also change.

In this talk, we will present new research by the Google Open Source Security Team into when and how developers leak credentials in modern software applications. We'll discuss some of the common ways leaks occur for developers of open source artifacts like containers and software packages. We'll also provide practical insights into scalable credential scanning and ecosystem-level protections for developers and organizations who want to keep their credentials secure to help when every second counts.
Speakers
avatar for Eve Martin-Jones

Eve Martin-Jones

Senior Software Engineer, Google
Eve is an engineer working on open source software security at Google. She lives in Australia, with her cat Mochi, who is surprisingly proficient at JavaScript. Between D&D campaigns, she can be found deciphering the Cargo dependency-resolution algorithm bug-for-bug, advocating for... Read More →
avatar for Hayden Blauzvern

Hayden Blauzvern

Technical Lead Manager, Google
Hayden Blauzvern is a technical lead manager on Google’s Open Source Security Team, focused on making open-source software more secure through code signing and applied transparency. Hayden is a maintainer and the community chair on the Sigstore project.
Tuesday June 24, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2F
  Cloud + Containers
  • Audience Experience Level Any

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link