The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
This schedule is automatically displayed in Mountain Daylight Time (UTC/GMT -6). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."
IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
Sign up or log in to bookmark your favorites and sync them to your phone or calendar.
As security concerns continue to grow in the software industry, customers seek assurance that the software they rely on is built securely. While applying security patches is essential, it is equally important to understand the proactive measures taken throughout the development process to ensure that our software is built securely.
Red Hat follows a comprehensive Secure Software Development Lifecycle (SDLC) framework to improve software security during the entire software lifecycle. We use an open source end-to-end build and release environment, which uses SLSA framework as a guide for reinforcing and gating the build process to secure and fortify your software supply chain against various threats.
This session will include: - The key difference between proactive and reactive security measures. - SDLC objectives and how Red Hat achieves them to meet high security standards. - Overview of how automated testing and open-source solutions enhance SDLC. - Proactive vulnerability management during the build lifecycle phase. - Secure software building with attestation data production, including CSAF/VEX and SBOM. - Future of AI testing within the software supply chain security.
Przemysław “Rogue” Roguski is a Security Architect at Red Hat who specializes in shift-left security initiatives included in build and release processes. He is focused on the security data improvements, especially security data usability in the vulnerability management and production... Read More →
