BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.coscup.org//coscup-2026//talk//TPZAHJ
BEGIN:VTIMEZONE
TZID:CST
BEGIN:STANDARD
DTSTART:20000101T000000
RRULE:FREQ=YEARLY;BYMONTH=1
TZNAME:CST
TZOFFSETFROM:+0800
TZOFFSETTO:+0800
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-coscup-2026-TPZAHJ@pretalx.coscup.org
DTSTART;TZID=CST:20260808T105000
DTEND;TZID=CST:20260808T112000
DESCRIPTION:Building a sovereign\, open-source cloud platform for telecommu
 nications environments is more challenging than it seems. The telco use ca
 se involves addressing the need for an evolving security architecture. Onc
 e teams commit to SBOM compliance\, a long tail of previously invisible vu
 lnerabilities suddenly becomes visible.\n\nThis talk will demonstrate how 
 utilising an open-source toolkit can help teams establish a solid foundati
 on for compliance and security hardening on telco cloud platforms. Tools s
 uch as Syft\, Grype\, DefectDojo\, the OpenSSF Scorecard and GitHub for Op
 en Source can help development and security teams establish an integrated 
 CI/CD pipeline for DevSecOps\, gain visibility into the security posture o
 f your project\, deliver a verifiable SBOM to end users and automate depen
 dency monitoring and management.\n\nWe will walk through how component sca
 nning and SBOM management can reduce unresolved vulnerabilities by 80%. In
 tegrating security tooling into the CI/CD pipeline reduces time to resolut
 ion and enhances the developer experience. Ingesting the scan findings and
  artefacts into a centralised platform enables faster triage\, prioritisat
 ion and resolution of vulnerabilities in a methodological manner. We will 
 also demonstrate how open source tooling feeds into compliance and soverei
 gnty for telco deployments. \n\nAttendees will learn how to design an SBOM
 -native release workflow and how to triage an SBOM without stopping delive
 ry. They will also discover why open source and digital sovereignty go han
 d in hand. They will also learn how to turn security compliance from a bot
 tleneck into a competitive advantage and understand why open source is the
  only foundation that makes digital sovereignty possible.
DTSTAMP:20260713T142435Z
LOCATION:TR209
SUMMARY:Securing the Open Source Telco Cloud: SBOMs\, Supply Chains\, and C
 ompliance at Scale - Brian Su
URL:https://pretalx.coscup.org/coscup-2026/talk/TPZAHJ/
END:VEVENT
END:VCALENDAR
