Loading…
June 26, 2025 | Denver, Co
Learn More and Register To Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for OpenSSF Community Day NA 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Daylight Time. To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.

Schedule is subject to change.
← Back to schedule
Trends and Insights from the Sigstore Ecosystem - Eve Martin-Jones & Hayden Blauzvern, Google
Thursday June 26, 2025 11:25am - 11:45am MDT
Bluebird Ballroom 3A
Dive into the Sigstore ecosystem and discover insights about digital signing practices!

Sigstore provides tooling and services to simplify signing and verification. Critically, it makes signatures transparent and publicly auditable to detect malicious behavior. With the increasing adoption of Sigstore within open source communities, this has led to a wealth of information about supply chain security. Using the data in Sigstore's public transparency log Rekor, we can glean insights about signing in open source.

This talk will provide a brief overview of Sigstore, explaining its core components and how it enables secure digital signing. We will explore trends in how open source communities and organizations are utilizing Sigstore for signing, and answer questions such as, "What is the most commonly used identity provider?", "Do we see signing occur uniformly across a day?", and "How prevalent is the use of short-lived certificates rather than self-managed keys?"

Finally, we will describe how to access and leverage this data to find your own insights about the Sigstore ecosystem and signing in supply chain security.
Speakers
avatar for Hayden Blauzvern

Hayden Blauzvern

Technical Lead Manager, Google
Hayden Blauzvern is a technical lead manager on Google’s Open Source Security Team, focused on making open-source software more secure through code signing and applied transparency. Hayden is a maintainer and the community chair on the Sigstore project.
avatar for Eve Martin-Jones

Eve Martin-Jones

Senior Software Engineer, Google
Eve is an engineer working on open source software security at Google. She lives in Australia, with her cat Mochi, who is surprisingly proficient at JavaScript. Between D&D campaigns, she can be found deciphering the Cargo dependency-resolution algorithm bug-for-bug, advocating for... Read More →
Thursday June 26, 2025 11:25am - 11:45am MDT
Bluebird Ballroom 3A
  15-minute Sessions

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link