25-27, August 2025
Amsterdam, Netherlands
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Monday August 25, 2025 14:25 - 15:05 CEST
The original version of the CNCF Security TAG’s Supply Chain Security Best Practices was published in May 2021. To say “a lot has changed” since then would be a dramatic understatement—software supply chain attacks cost over $45 billion in 2023, with projections exceeding $80 billion by 2026.

In this talk, we'll take a whirlwind tour of the latest updates to the newly released second version of the Supply Chain Best Practices guide. One of the most significant changes is the increased adoption and maturity of SBOMs and attestations, supported by a rapidly growing ecosystem of tools for generating, verifying, and consuming this metadata.

We’ll explore how the open source community has responded to rising threats with a surge of new tools, improved standards, and broader best practice adoption—and how to chain these tools together for maximum impact.

We’ll showcase key open source projects from across the CNCF and OpenSSF ecosystems, including in-toto, TUF, SLSA, Guac, bomctl, SBOMit, and protobom.
Speakers
John Kjell

Principal Consultant, ControlPlane
John is a maintainer for the Witness and Archivista sub-projects under in-toto. Additionally, John is a co-chair to CNCF's TAG Security and active with multiple projects within the OpenSSF. Prior to ControlPlane, John was the Director of Open Source at TestifySec and an engineering...
Emerald Room
  Cloud & Containers