Open Source Summit North America 2022

What Is This Event?

Bill will be speaking at the Open Source Summit North America 2022 for SupplyChainSecurityCon about Modern Governance.  Bill will talk for 50 minutes about Measuring Risk of Potential & Already-included OSS.  This is a mid-level technical talk.

The Talk

Dear Security, Compliance, and Auditors, we’re sorry. Love, DevOps.

Stop it with the DevSecAuditComplianceOps buzzwords within the software supply chain. Let’s simply talk about Modern Governance.

Great software supply chain hygiene requires governance. Governance stinks because we do it wrong. I promise to give you the means to go from commit to production with 100% no-human-hands. All while meeting visibility, security, compliance, and audit requirements without fail. Modern Governance applies to standard line-of-business software, machine learning, edge, IoT, and any other software artifact.

DevOps solved the Developer and Operators conflict. It forgot other essential folks of the delivery lifecycle: Security, Compliance, and Audit. It’s also missing the newest entrant, Software Supply Chain Management.

We will talk about Modern Governance. Modern Governance resolves governance toil with a software engineering approach. It is no different than applying Site Reliability Engineering (SRE) principles & practices to the dull, mundane, and toil-ridden governance processes.