Paul Novarese

Links &c

• LinkedIn Profile
• Mastodon @pvn@mas.to

Papers, Talks, &c

• From Log4j to XZ: Unsolvable Issues in the Software Supply Chain (BSides RedRocks, 2024-11-15) (BSides Austin, 2024-12-05) [slides]
• The Legacy of Log4Shell and the Future of DevSecOps (Texas Linux Fest, 2024-04-13) [sildes]
• The Legacy of Log4Shell (DevOpsDays Chattanooga, 2023-11-15) [slides]
• The Lessons of Log4Shell (BSides RDU, 2023-09-22) [slides]
• The Lessons of Log4Shell (DevOpsDays DC, 2023-09-14) [slides]
• Panel: SBOM Content, Usefulness, and Caveats (FOSDEM, 2023-02-05) (and OpenSSF Recap)
• Learn From Log4Shell: Using SBOMs for Zero-Day Preparedness (DevOpsDays Houston, 2022-10-04; DevOpsDays Chattanooga, 2022-11-14) [slides]
• Secure Your Supply Chain: Adding a Software Bill of Materials to Your Containers to Improve Vulnerability Scanning (Open Source Summit Seattle, 2021-09-29) [slides]
• User Namespace and Seccomp Support in Docker Engine (ContainerCon Toronto, 2016-08-24; ContainerCon Berlin, 2016-10-04) [slides]

Upcoming

• A New XZ Every Day: The Nightmare Future of Open Source Supply Chains is Already Here (BSides SLC, April 2025)
• Are the Bad Guys Already in Your Software Supply Chain? (Spoiler Alert: Yes) (BSides Seattle, April 2025)

Interviews

• The Importance of a Software Bill of Materials (Red Hat OpenShift TV, 2021-06-29)
• Security Week: Continuous Security and Compliance with Anchore Enterprise (Red Hat X Podcast Series, 2021-04-28)

Other Appearances (Sponsored Talks, Webinars, &c)

• Software Supply Chains and the Rude Awakening that Ushered in a New Era of Intelligent Security (huntedlabs blog, 2024-11-19)
• Scaling Software Security (anchore.com webinar w/ Nvidia, 2023-09-19)
• Software Supply Chain Hierarchy of Needs: SBOM as the Foundation (anchore.com blog, 2023-08-02)
• SSDF - Myth vs. Reality (anchore.com webinar, 2023-05-23)
• SBOMs on the Road: Thrilling Tales of Supply Chain Security (anchore.com webinar, 2023-03-28)
• Workshop: Using SBOMs to Secure Your Software Supply Chain (DevOps World Orlando, 2022-09-27, Cancelled due to Hurricane Ian)
• How GitLab and Anchore Work Together to Protect Containerized Workloads (GitLab Commit, 2021-08-03)
• Finding the Hidden Risks in Your Software Containers (devops.com webinar, 2021-07-08)
• How to Secure Your DevOps Pipeline in a Post-SolarWinds World (anchore.com webinar, 2021-07-01)
• Staying Out of the (Bad) Headlines: Keeping Attackers Out of your DevOps Toolchain (DevOps Enterprise Summit EU, 2021-05-18)

Last update: 13:58 CDT6CST 2024-12-13