You’d better start believing in supply chains because you’re in one (SCaLE 23x)

At SCaLE 23x, I’ll debut “You’d better start believing in supply chains because you’re in one.” This is my first talk that started as a silly joke, but it covers a serious and timely topic.

Two-panel image macro using scenes from "The Pirates of the Caribbean." In the top panel, a pirate looks into the camera and says "You'd better start believing in supply chains." In the bottom panel, the lighting is bluer and the pirate's face is decomposed as if he's been dead for a while. He says "you're in one."

Abstract: “I’m not a supplier!” open source maintainers correctly say. When a large company comes in making unfunded demands, it drives volunteer maintainers away. But supply chain attacks are a reality and they don’t just affect megacorps. As an open source maintainer, you have a supply chain, too.

Improving your security improves safety for everyone. But how can volunteer maintainers who aren’t security experts do this work? This talk introduces easy practices and tools to address common software supply chain concerns. Attendees will also learn how to address supply chain and regulatory concerns from their downstreams.

Date: 8 March 2026

Location: Pasadena, CA, US

Resources

Looking for links to the tools I mentioned in the talk, perhaps because you’re sitting in the audience right now?

Ben is the Open Source Community Lead at Kusari. He formerly led open source messaging at Docker and was the Fedora Program Manager for five years. Ben is the author of Program Management for Open Source Projects. Ben is an Open Organization Ambassador and frequent conference speaker. His personal website is Funnel Fiasco.
