Open Source Summit Korea 2026, 11-12 August 2026, Seoul, South Korea
You have probably heard that SBOMs are helpful, but did you know that an SBOM only addresses a fraction of what can go wrong in your software supply chain? The SLSA (Supply Chain Levels for Software Artifacts) specification identifies 9 distinct threat areas, spanning from source code all the way to package distribution. Most development teams address one or two of these and call it a day, leaving gaps that real-world attacks like SolarWinds and Log4j have already exploited. We understand that it is difficult to cover all aspects of the software supply chain.
How about we make this much easier? In this talk, we will present an overview of the modern software supply chain threat model and show how you can provide integrity throughout the whole software development life cycle. We will introduce an easy-to-set-up, end-to-end open source stack, built from frameworks and tools within the CNCF/OpenSSF ecosystem.
I am a professor at NYU who has been working on software supply chain security for more than 20 years. I am a maintainer / creator of the TUF, Uptane, and in-toto projects, which are all under the LF.