Name: The Chain of Command: Building Trust Across Public Sector Software Pipelines - John Kjell, ControlPlane
Start: 2025-08-25T15:35:00+0200
End: 2025-08-25T16:15:00+0200

25-27, August 2025
Amsterdam, Netherlands
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time, CEST (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Monday August 25, 2025 15:35 - 16:15 CEST

G105

The CNCF’s Cloud Native Public Sector User Group, founded in 2023, aims to advance cloud-native best practices within the public sector, with a focus on improving workflows and supply chain security.

Public sector organizations face unique and evolving challenges that complicate software supply chain security. These include the absence of standardized practices for what software can enter isolated networks, no shared root of trust, and a lack of frameworks for integrating public and private attestations. There's also no guidance for using shared, non-public infrastructure—hindering trust and automation.

This talk, based on learnings from the groups recent publications, explores how public sector consumers can receive trusted attestations that prove origin, integrity, and authorship—across companies, networks, and government entities. It also asks: what’s the minimum assurance needed for trust, and how do we balance stringent requirements without sidelining small suppliers?

Key Takeaways:

• Current challenges in public sector supply chain security

• Emerging needs for trust, attestations, and integration

• Ideas for equitable, scalable solutions across supplier sizes

Speakers

John Kjell

Principal Consultant, ControlPlane

John is a maintainer for the Witness and Archivista sub-projects under in-toto. Additionally, John is a co-chair to CNCF's TAG Security and active with multiple projects within the OpenSSF. Prior to ControlPlane, John was the Director of Open Source at TestifySec and an engineering... Read More →

Monday August 25, 2025 15:35 - 16:15 CEST
G105

OpenGovCon

Audience Experience Level Beginner

Open Source Summit Europe 2025

John Kjell

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!