Community Tech Meetup

Omkhar Arasaratnam, General Manager Open SSF

This Keynote explores the critical role of open source security and the initiatives of the Open Source Security Foundation (OpenSSF). As open source software becomes increasingly integral to global technology infrastructure, ensuring its security is paramount. The talk will cover the unique challenges open source projects face, such as widespread usage and diverse contributor bases, and how OpenSSF addresses these through collaborative efforts, best practices, and innovative tools. Attendees will gain insights into current open source security trends, the importance of community involvement, and practical steps to enhance the security of open source software in their own projects.

Tomas Gustavsson, Chief PKI Officer | David Hook, VP Software Engineering Bouncy Castle

This presentation shares the latest updates from renowned authorities such as NIST, BSI, IETF, and X.9. What is new regarding standardizations and other insights and guidelines for navigating the quantum landscape?

We will also explore the landscape of cryptographic protocols, formats, and standards that require adjustment to withstand the quantum onslaught, from TLS and CMS to other crucial cryptographic protocols.

Tomas Gustavsson, Chief PKI Officer | David Hook, VP Software Engineering Bouncy Castle

This talk will cover hybrid cryptography within the context of post-quantum cryptography (PQC), exploring the rationale behind hybrid systems and their role in ensuring interoperability during migration and enhancing security against quantum threats.

We will discuss hybrid PKI, covering different suggested standards, their pros and cons, and contexts of use. Additionally, we will explore various PKI migration paths, offering strategies for different organizational needs. Organizations must navigate the quantum horizon with consideration of their unique circumstances.

Ben Dewberry, Product Manager, Signing and Key Management | Sven Rajala, International PKI Man of Mystery – PKI SME | Christofer Vikström, KTH Master Thesis Student

Ensuring the integrity and security of the software supply chain is crucial. This talk explores industry-standard practices like in-toto, SLSA, SBOMs, and SigStore Cosign, and their application to software development and distribution. We will also discuss leveraging the open-source signing software SignServer to fortify the software delivery process.

Andreas Philipp, Senior Business Development Manager, IoT | Florian Handke, Smart Production Engineer Campus Schwarzwald

This presentation explores collaborative efforts in the IoT ecosystem, highlighting partner use cases: Espressif Secure Boot v2, Mender Secure OTA with SignServer, and an Industrial Cybersecurity integrations with OPC-UA and EJBCA. We demonstrate deploying these solutions to fortify IoT infrastructures against security threats, emphasizing crypto agility and software supply chain security.

Tomas Gustavsson, Chief PKI Officer

We discuss the outcomes of our interoperability testing between PQC PKI/EJBCA and Hardware Security Modules (HSMs).

HSMs are foundational for building a production-ready PKI.

Sven Rajala, International PKI Man of Mystery – PKI SME | Christofer Vikström, KTH Master Thesis Student

Join our interactive workshop to learn the implementation of industry-standard practices like in-toto and Cosign with SignServer. Through practical examples, gain insights into fortifying software delivery against tampering and supply chain attacks. By the end, attendees will have the knowledge and tools to enhance the security and integrity of their software supply chains.

Tomas Gustavsson, Chief PKI Officer | David Hook, VP Software Engineering Bouncy Castle

Join us for an interactive workshop. We will delve into the practical aspects of building hybrid PKIs and seamlessly integrating quantum-safe cryptography into TLS.

The attendees will learn step-by-step procedures for setting up hybrid PKIs capable of issuing both classic and post-quantum certificates. We will then demonstrate interoperability with the OQS provider for OpenSSL3 and Bouncy Castle.

Henrik Sunmark, Senior Product Architect | Magnus Normark, Senior Product Manager

Whether you’re a beginner or an experienced user, this session is your chance to get answers to your questions, share insights, and explore the capabilities of EJBCA. Our experts are here to provide guidance, discuss best practices, and help you.

Markus Kilås, Senior Product Architect | Ben Dewberry, Product Manager, Signing and Key Management

Whether you’re new to SignServer or an experienced user, this session is your opportunity to ask questions, share experiences, and explore the capabilities of SignServer. Our team of experts is here to provide insights, offer guidance, and discuss best practices to help you leverage SignServer effectively in your projects. Join us for an interactive session where we’ll dive into the world of SignServer and explore its potential in secure digital signing.