State of Open Con 2025

Delivering software fast is one piece of the deployment puzzle, but delivering it securely is the glue that keeps your puzzle from falling apart. Software supply chain attacks are on the rise with security exploits directly targeting open source projects, central repositories, and software package managers. With 90% of enterprise companies using open source software in their builds no one is immune to these attacks and now more than ever the community is working hard to create safeguards and tooling to prevent potential attacks. The question then becomes who should you look to for best in class security protocols?

Thankfully the open source community is banding together and foundations like OpenSSF, CNCF and OWASP and companies are working to solve security problems. To help ensure a secure SDLC, these developer focused communities are investing time, energy, money and innovation in projects that provide security solutions. This talk will give a brief overview of some major attacks in the last decade, it will underscore the importance of securing your software supply chain at the source and will highlight a some open source projects that are on the market that are helping to close the security gaps.