COSCUP x UbuCon Asia 2026 CFP closes in 3 days - and today happens to be World Password Day.
CFP Deadline: 2026/5/9 AoE
Submit your proposal: https://pretalx.coscup.org/coscup-2026/cfp
CFP announcement: https://blog.coscup.org/2026/03/coscup-x-ubucon-asia-2026-coscup-x.html
#COSCUP2026 #UbuConAsia #HITCON #CyberResilience #CyberSecurity #OpenSource #OpenSourceSecurity
New Secure Development Talk at BSides Luxembourg 2026!
BUILDING VS. BUYING - A TALE OF DEVELOPING AN IN-HOUSE SCA TOOL - Diogo Lemos
Why do Software Composition Analysis tools so often fail in practice? This 40-minute talk takes you inside the journey of building a production-ready, open-source SCA platform designed to fix exactly that problem. Instead of drowning teams in noisy alerts and inconsistent findings, the focus shifts to clarity, prioritization, and actionable risk reduction.
The session explores how to design and implement an SCA system that scales across large organizations - covering dependency discovery (including transitive ones), vulnerability aggregation from multiple sources, normalization of inconsistent data, and a risk-based scoring model that helps teams focus on what actually matters. A live demo will show a real repository being scanned, vulnerabilities being identified, and results flowing directly into CI/CD pipelines for actionable enforcement.
Diogo Lemos is an Application Security Engineer with deep experience in building security tooling at scale. Having worked at Checkmarx, Flutter Entertainment, and OLX, he specializes in automation, SCA, SAST, and scalable AppSec programs, and actively contributes to open-source security initiatives.
Conference Dates: 6–8 May 2026 | 09:00–18:00
14, Porte de France, Esch-sur-Alzette, Luxembourg
Tickets: https://2026.bsides.lu/tickets/
Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026
#BSidesLuxembourg2026 #SecureDevelopment #SCA #SupplyChainSecurity #AppSec #OpenSourceSecurity
New Talk Spotlight at BSides Luxembourg 2026!
CURATING SECURE SOFTWARE: THE ART OF SELECTING SAFE DEPENDENCIES - Frithjof Hoffmann
Rethink how you build software in this insightful 40-minute session from the Secure Development track. Just like curating an art gallery, selecting dependencies requires careful evaluation, authenticity checks, and long-term consideration. This talk explores how overlooked third-party components can introduce hidden risks - from vulnerabilities and malware to licensing and maintenance issues.
Discover practical strategies to assess, manage, and automate dependency selection, while building a trusted and resilient software supply chain. Learn how adopting a "curation mindset" can transform development practices - helping teams move beyond blind trust and toward secure, high-quality foundations.
Frithjof Hoffmann is a cybersecurity professional specializing in software supply-chain security, threat intelligence, and risk management. With a strong focus on helping organizations reduce risk and improve visibility, he brings practical expertise in building secure and scalable software ecosystems.
Conference Dates: 6–8 May 2026 | 09:00–18:00
14, Porte de France, Esch-sur-Alzette, Luxembourg
Tickets: https://2026.bsides.lu/tickets/
Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026
#BSidesLuxembourg2026 #SecureDevelopment #SupplyChainSecurity #OpenSourceSecurity #AppSec #CyberSecurity
I had another chat with David Bernstein about creating a disaster recovery plan on #OpenSourceSecurity
With all the events unfolding almost every day lately, there's never been a better time to put a plan like this together. In a few weeks David will tell us how to test such a plan once we create it
It's a lot less complicated than it seems, I know I've made this a lot harder than it needs to be
https://opensourcesecurity.io/2026/2026-04-disaster-planning-david-bernstein/

Josh welcomes back David Bernstein to talk about creating a disaster recovery plan. It's a very timely topic given all the current events. There are more supply chain attacks and compromises than ever before. There are some great resources for this planning, but as David tells us, it's really not that hard to put some plans together. It's easy to over-plan; David gives some great tips on getting started with our planning for an eventual incident.