Content from QCon, September 2021.

Securing the Development & Supply Chain of Open Source Software (OSS)

Open Source Software (OSS) is everywhere today. Unfortunately, all software (OSS and not) is under attack. This talk will briefly discuss how OSS is developed & distributed as a supply chain (SC) model, which then gives insights into how OSS is attacked and some countermeasures. We then discuss how OSS developers can develop & distribute secure OSS today, discuss how potential users can select secure OSS (including by looking for those developer practices), and obtain a glimpse at what’s coming in the future.


David Wheeler

Director of Open Source Supply Chain Security @linuxfoundation

Dr. David A. Wheeler is an expert on open source software (OSS) and on developing secure software. His works on OSS include "Publicly Releasing Open Source Software Developed for the U.S. Government" and "Open Source Software is Commercial". He also helped develop the U.S. Department of Defense (DoD) policy on OSS. His works on developing secure software include "Secure Programming HOWTO" and "Fully Countering Trusting Trust through Diverse Double-Compiling (DDC)". David A. Wheeler is the Director of Open Source Supply Chain Security at the Linux Foundation and teaches a graduate course in developing secure software at George Mason University (GMU). Dr. Wheeler has a PhD in Information Technology, a Master's in Computer Science, a certificate in Information Security, a certificate in Software Engineering, and a B.S. in Electronics Engineering, all from George Mason University (GMU). He is a Certified Information Systems Security Professional (CISSP) and a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE). He lives in Northern Virginia.
