Agenda

Open-Source Software Security Initiative Workshop Agenda

*** All times EDT ***

Day 1: Wednesday, August 24, 2022

• 1045-1100: Virtual assembly
• 1100-1115: Welcome from OMB/NIST/NSF
  • Chris Inglis (National Cyber Director)
  • Margaret Martonosi (NSF)
  • Eric Mill (OMB)
  • Kevin Stine (NIST)
• 1115-1130: Welcome and logistics (Angelos Keromytis)
• 1130-1230: Keynote “A World Where We Trust Software“
  • Speaker: David Brumley
  • Abstract: What makes some teams care about application security (appsec), and others not?  What are common barriers to adoption?  And is appsec really the same thing regardless of the OSS project or language?First, this talk will show how different OSS communities view these challenges differently. For example, the python webdev treats OSS  security differently than the browser hacker.  Second, I’ll discuss principles for changing security from an add-on to a value-add. Third, I’ll give some hacks I’ve found work, as well as some obvious ideas that have backfired.  I’ll summarize with a vision of a world where we can trust software, and what incentives can help us get there.

• 1230-1400: Panel #1 “Addressing the Software Dependency Challenge in the Diverse OSS Ecosystem“
  • Moderator: Laurie Williams
  • Panelists: Dustin Ingram, Rhys Arkins, Justin Hutching
• 1400-1430: Lunch break
• 1430-1600: Panel #2 “Behavioral & Economic Incentives to Secure the OSS Ecosystem”
  • Moderator: David Brumley
  • Panelists: Uma Karmarkar, Yasemin Acar, Dustin Ingram, Deborah Shands, David Wheeler
• 1600-1645: Breakout sessions (3 in parallel, one for each topic)
  • Memory-Safe Language Adoption in OSS
    • Moderator: Nikhil Swamy
    •  Scribe(s): Deian Stefan, Athanasios Moschos
  • Software Dependency Management
    • Moderator:  Daniela Oliveira, Angelos Keromytis
    • Scribe: Athanasios Avgetidis 
  • Behavioral & Economic Incentives to Secure the OSS Ecosystem
    • Moderator: Laurie Williams
    • Scribe: Deborah Shands, Uma Karmarkar
• 1645-1700: Closing comments for the day

Day 2: Thursday, August 25, 2022

• 0950-1000: Virtual Assembly
• 1000-1130: Panel #3 “Difficulties and Opportunities of Encouraging Adoption of Memory-Safe Languages in OSS“
  • Moderator: Abhishek Arya
  • Panelists: Josh Aas, Matthias Payer, Alex Gaynor, David Brumley
• 1130-1300: Breakout sessions (continued)
• 1300-1330: Lunch break
• 1330-1600: Breakout sessions (continued)
• 1600-1700: Reports from the breakouts (20 minutes each)
• 1700-1715: Closing remarks

Meeting Access

To Join Zoom Meeting:

https://gatech.zoom.us/j/96085284419?pwd=NlNUc3pmSjlwN1NUb0hnYWN6bzB0QT09