| title |
|---|
4th KTH Workshop on the Software Supply Chain 2025 |
Welcome to the 4th KTH Workshop on the Software Supply Chain in Stockholm, Sweden. This workshop is organized in the context of the CHAINS research project.
- Location: KTH, Stockholm, Sweden, Salongen, KTH library
- Date: Friday 25 April, 2025
- Time: 9h-17h
- Registration is free of charge but compulsory for the sake of lunch/fika planning. Register Here 😄
| Time | Event |
|---|---|
| 0830 | Welcome coffee |
| 0900 | Opening |
| 0915 | Keynote: Hervé Boutemy (Sonatype, Apache Software Foundation) |
| 1015 | Break + Poster session |
| 1100 | (order may change, duration 20 minutes each) |
| * Talk 1: Aman Sharma, Build Integrity | |
| * Talk 2: Julien Malka, Does Functional Package Management Enable Reproducible Builds at Scale? Yes | |
| * Talk 3: Tina Heidinger (Github), Fredrik Skogman (GitHub), Github Attestations | |
| * Talk 4: Frank Reyes, Fixing Breaking Dependency Updates Using LLMs | |
| 1230 | Lunch at Syster-o-bror |
| 1400 | Keynote: Henrik Plate (Endor Labs) |
| 1500 | Break |
| 1530 | Tool session |
| * maven-lockfile | |
| * sbom.observer, Andreas Bielk, Generating SBOMs for C/C++ | |
| * dirty-waters | |
| * ghasum | |
| 1645 | Closing |
Hervé Boutemy
TBD
Speaker Bio
Henrik Plate is the principal security researcher at Endor Labs. He formerly worked for SAP Security Research, where he established and led the focus topic “Open Source Security” starting 2014. He co-authored several academic papers on this topic, presented at academic and industry conferences like the RSA, is the project lead and core-developer of Eclipse Steady (an open source solution using program analysis techniques to assess the exploitability of vulnerabilities), and contributes to the Risk Explorer for Software Supply Chains (an open source solution to understand supply chain threats and safeguards). He earned his PhD in 2024 from the University of Rennes, France, with a thesis titled “On the Security Risks of Open Source Consumption: Vulnerabilities and Supply Chain Attacks in the Era of Open-Source-Based Software Development”. He received his MSc in Computer Science and Business Administration in 1999 from the University of Mannheim, Germany, and holds a CISSP certification.
