Paul Novarese

Links &c

• LinkedIn Profile
• Sessionize Profile
• Mastodon @pvn@mas.to
• signal:pvn.99

Selected Conference Talks/Presentations

• Are the Bad Guys Already in Your Software Supply Chain? (Spoiler Alert: Yes) (Threatcon1, 2025-09-22) [sildes]
• Are the Bad Guys Already in Your Software Supply Chain? (Spoiler Alert: Yes) (BSides Seattle, 2025-04-18) [slides]
• A New XZ Every Day: The Nightmare Future of Open Source Supply Chains is Already Here (BSides SLC, 2025-04-11) [slides]
• From Log4j to XZ: Unsolvable Issues in the Software Supply Chain (BSides RedRocks, 2024-11-15) (BSides Austin, 2024-12-05) [slides]
• The Legacy of Log4Shell and the Future of DevSecOps (Texas Linux Fest, 2024-04-13) [sildes] (no recording available)
• The Legacy of Log4Shell (DevOpsDays Chattanooga, 2023-11-15) [slides] (no recording available)
• The Lessons of Log4Shell (BSides RDU, 2023-09-22) [slides]
• The Lessons of Log4Shell (DevOpsDays DC, 2023-09-14) [slides]
• Panel: SBOM Content, Usefulness, and Caveats (FOSDEM, 2023-02-05) (and OpenSSF Recap)
• Learn From Log4Shell: Using SBOMs for Zero-Day Preparedness (DevOpsDays Houston, 2022-10-04; DevOpsDays Chattanooga, 2022-11-14) [slides]
• Secure Your Supply Chain: Adding a Software Bill of Materials to Your Containers to Improve Vulnerability Scanning (Open Source Summit Seattle, 2021-09-29) [slides]
• User Namespace and Seccomp Support in Docker Engine (ContainerCon Toronto, 2016-08-24; ContainerCon Berlin, 2016-10-04) [slides]

Papers, Reports, Reading Material &c

• Contributor Intelligence: Why People Behind the Code Matter More Than Ever (Hunted Labs blog, 2025-10-22)
• Not So Fast and Furious: Popping Fast-Glob's Hood (Hunted Labs Threat Report, 2025-08-27)
• The Russian Open Source Project That We Can't Live Without (Hunted Labs Threat Report, 2025-05-05)
• How North Korea is Exploiting GitHub to Infiltrate Software Supply Chains (Hunted Labs blog, 2025-03-12)
• Software Supply Chains and the Rude Awakening that Ushered in a New Era of Intelligent Security (Hunted Labs blog, 2024-11-19)
• Software Supply Chain Hierarchy of Needs: SBOM as the Foundation (anchore.com blog, 2023-08-02)

Upcoming

• The Phantom of the Open Source Supply Chain (TBD)
• Unrestricted Warfare: China's Software Dominance in Open Source Software

Interviews

• The Importance of a Software Bill of Materials (Red Hat OpenShift TV, 2021-06-29)
• Security Week: Continuous Security and Compliance with Anchore Enterprise (Red Hat X Podcast Series, 2021-04-28)

Other Appearances (Sponsored Talks, Webinars, &c)

• Scaling Software Security (anchore.com webinar w/ Nvidia, 2023-09-19)
• SSDF - Myth vs. Reality (anchore.com webinar, 2023-05-23)
• SBOMs on the Road: Thrilling Tales of Supply Chain Security (anchore.com webinar, 2023-03-28)
• Workshop: Using SBOMs to Secure Your Software Supply Chain (DevOps World Orlando, 2022-09-27, Cancelled due to Hurricane Ian)
• How GitLab and Anchore Work Together to Protect Containerized Workloads (GitLab Commit, 2021-08-03)
• Finding the Hidden Risks in Your Software Containers (devops.com webinar, 2021-07-08)
• How to Secure Your DevOps Pipeline in a Post-SolarWinds World (anchore.com webinar, 2021-07-01)
• Staying Out of the (Bad) Headlines: Keeping Attackers Out of your DevOps Toolchain (DevOps Enterprise Summit EU, 2021-05-18)

Last update: 07:10 CDT6CST 2025-12-12