Snyk sponsoring 2021 Open Source Summit by the Linux Foundation

The Open Source Summit is an event hosted by the Linux Foundation that features expert speakers in the open source community, ranging from developers and system admins to DevOps and security professionals. This year's event is being held September 27–30in Seattle, but allows for virtual attendance from anywhere in the world. Snyk will be sponsoring the event and presenting a number of talks related to open source security.

Snyk has been a longstanding partner with the Linux Foundation. In fact, the LFX security tool is a jointly developed solution to improve the code security of open source projects. The Linux Foundation aggregates security data, while Snyk provides the security scanning engine and subject matter expertise. This approach has led to nearly 5,000 open source code repositories being scanned and over 170,000 vulnerabilities being fixed.

In addition, Snyk is a member of the Open Source Security Foundation, Cloud Native Computing Foundation, the Continuous Delivery Foundation, and the OpenJS Foundation. Snyk is involved with these projects to further application security across all areas of open source software development.

During the Open Source Summit event, Snyk will be hosting four talks about open source application security. This includes a live hacking workshop about securing Kubernetes configurations. Here’s what to expect from Snyk at the Open Source Summit.

Are we forever doomed to software supply chain security?

The adoption of open source software continues to grow and creates significant security concerns for everything from software supply chain attacks in language ecosystem registries to cloud-native application security concerns.

Liran Tal, Director of Developer Advocacy at Snyk will be hosting a session to explore how developers are targeted for malware distribution, the degree to which we rely on open source maintainers for security fixes, and why infrastructure as code (IaC) is creating new security concerns for development teams.

Snyk tutorial: Hack my misconfigured Kubernetes

In the last few years, we’ve seen more and more infrastructure and security responsibilities shift left to development teams. With the widespread adoption of Kubernetes, we’re now seeing configurations become a developer issue first and foremost. This responsibility means that developers need to be aware of the security risks involved in their configurations.

Eric Smalling, Senior Developer Advocate at Snyk, believes developers should give the necessary attention to these configuration risks that impact application and cluster security. That’s why he’s hosting a live hacking presentation, where he will demonstrate some of the key security issues that affect Kubernetes configurations. This includes SecurityContext pitfalls like privileged Pods and running Pods without resource limitations.

Nurturing women in India to join InfoSec community

As India continues to see enormous growth, many women are falling behind in the technology industry. In fact, the number of women that are entering the technology workforce — and particularly cybersecurity — is much lower in India than the rest of the world.

Vandana Verma Sehgal, Security Advocate at Snyk, will be discussing the InfoSecGirls community and its goal to bring more women into the cybersecurity workforce. Join the talk to learn more about the initiative to encourage women, students, kids, and underprivileged communities to come forward and be a part of the cybersecurity community.

Open source tooling for software bill of materials

A software bill of materials (SBOM) is a list of components that make up a given application, which is useful for understanding factors that impact software like license compliance and supply chain threats. SBOM may not be a new idea, but it’s becoming mainstream.

Gareth Rushgrove, VP of Product at Snyk, will discuss how SBOMs relate to open source developers, which existing open source tools are available for working with SBOMs, and what SBOM initiatives the community can get involved with today.

Snyk is excited to be a sponsor at the Open Source Summit hosted by the Linux Foundation this year. The opportunity to connect with the open source community and spread awareness about application security is invaluable.

Join Snyk at the Open Source Summit to learn more about open source application security.