A First Step to Attaining SLSA Level 3 on GitHub
Software supply chain security is top of mind for many developers. It's complex enough that the route to "more secure" is difficult to determine, especially...
As a former VMware employee, Joshua worked as a Staff 2 Engineer Alumni for the company’s Open Source Technology Center, with a focus on software supply chain security standards and tools. He was a steering committee member and maintainer for the Supply Chain Levels for Software Artifacts (SLSA) project, an editor of The Update Framework (TUF) specification and maintainer on various implementations, and a member of the sigstore community. Joshua has a long history of contributing to open source software. His noted works to date are on build tools (Yocto Project, OpenEmbedded), CI/CD systems, Linux distributions (MeeGo, Moblin, Tizen), UX for clamshell and tablet devices (GNOME), and more that he can't remember.