Paul Novarese

Links &c

• LinkedIn Profile
• Mastodon @pvn@mas.to
• Twitter (inactive)

Notable Appearances

• Texas Linux Fest (2024-04-13)
• DevOpsDays Chattanooga (2023-11-15)
• BSides RDU (2023-09-22)
• DevOpsDays Washington DC (2023-09-14)
• FOSDEM (2023-02-05)
• DevOpsDays Chattanooga (2022-11-14)
• DevOpsDays Houston (2022-10-04)
• Open Source Summit North America (2021-09-29)
• ContainerCon Europe (2016-10-04)
• ContainerCon North America (2016-08-24)

Papers, Talks, &c

• The Legacy of Log4Shell [video coming soon] (DevOpsDays Chattanooga, 2023-11-15) [slides]
• The Lessons of Log4Shell (BSides RDU, 2023-09-22) [slides]
• The Lessons of Log4Shell (DevOpsDays DC, 2023-09-14) [slides]
• Panel: SBOM Content, Usefulness, and Caveats (FOSDEM, 2023-02-05) (and OpenSSF Recap)
• Learn From Log4Shell: Using SBOMs for Zero-Day Preparedness (DevOpsDays Chattanooga, 2022-11-14) [slides]
• Secure Your Supply Chain: Adding a Software Bill of Materials to Your Containers to Improve Vulnerability Scanning (Open Source Summit Seattle, 2021-09-29) [slides]
• User Namespace and Seccomp Support in Docker Engine (ContainerCon Toronto, 2016-08-24) [slides]

Upcoming

• BSides Reykjavik (2024-05-18)

Interviews

• The Importance of a Software Bill of Materials (Red Hat OpenShift TV, 2021-06-29)
• Security Week: Continuous Security and Compliance with Anchore Enterprise (Red Hat X Podcast Series, 2021-04-28)

Other Appearances (Sponsored Talks, Webinars, &c)

• Scaling Software Security (anchore.com webinar w/ Nvidia, 2023-09-19)
• SSDF - Myth vs. Reality (anchore.com webinar, 2023-05-23)
• SBOMs on the Road: Thrilling Tales of Supply Chain Security (anchore.com webinar, 2023-03-28)
• Workshop: Using SBOMs to Secure Your Software Supply Chain (DevOps World Orlando, 2022-09-27, Cancelled due to Hurricane Ian)
• How GitLab and Anchore Work Together to Protect Containerized Workloads (GitLab Commit, 2021-08-03)
• Finding the Hidden Risks in Your Software Containers (devops.com webinar, 2021-07-08)
• Staying Out of the (Bad) Headlines: Keeping Attackers Out of your DevOps Toolchain (DevOps Enterprise Summit EU, 2021-05-18)

Selected Rejected Papers

• Securing the Software Supply Chain with Fully Automated Luxury DevSecOps (GitHub Universe 2022)
• Stop Gambling with Security: How to Find the Hidden Risks in Your Software Containers (Red Hat Summit 2022)
• Practical Docker Image Signing and Verification (DevOpsDays Boston 2016)
• Monitoring containers with Performance Co-Pilot (DockerCon 2015)

Last update: 09:53 CDT6CST 2024-04-13