Open Source Development: Security
2021: Episode 05
Everyone's talking about software supply chain security these days! Join Anne Bertucio and Dan Lorenc, who work on open source security at Google, to talk all things open source security, from supply chain to dependency issues to vulnerabilities!
Anne is a member of Google’s Open Source Programs Office (OSPO) where she helps teams at Alphabet develop, contribute to, and release open source software. Anne works on strengthening the security practices of open source projects run by Google, helping Googlers work effectively and efficiently in open source, and being an advocate for security in the wider open source community. In particular, she focuses on open source vulnerability disclosure, project governance, and contributor sustainability. Anne previously focused on Kubernetes and container security, and authored the paper Why Container Security Matters to your Business in 2019. Before coming to Google, she was a staff member of the OpenStack Foundation (now known as the Open Infrastructure Foundation), where she was part of the inaugural core team of the Kata Containers project and on the release management team for the OpenStack project. Anne has a B.A. in policy and worked in community and government relations in renewable energy before coming to tech.
Dan is a Staff Software Engineer and the lead for Google’s Open Source Security Team (GOSST). He’s been working in the Cloud space for eight years and has mostly focused on open source tools related to building containers easily and securely. He founded projects like Minikube, Skaffold, TektonCD and Sigstore. Dan regularly blogs about supply chain security and serves on the TAC for the OpenSSF.