Here are valuable references and resources for understanding and implementing open source security and supply chain protection.

Security Frameworks & Standards

Vulnerability Databases

Security Tools & Scanners

Package Registries & Metadata

SBOM Tools & Standards

Policy & Compliance

Research & Intelligence

Learning Resources

Books and Publications

Training and Certification

Industry Organizations

Conferences and Events

Major Security Conferences

  • RSA Conference - Premier cybersecurity event
  • Black Hat / DEF CON - Security research and hacking conferences
  • BSides - Community-driven security conferences worldwide
  • OWASP Global AppSec - Application security conference

Supply Chain Specific Events

  • Supply Chain Security Summit - Focused on software supply chain
  • KubeCon + CloudNativeCon - Cloud native and container security
  • Open Source Summit - Linux Foundation’s flagship open source event
  • DevSecOps Days - Local DevSecOps community events

Tools Integration

CI/CD Platforms

Container Security

Community Resources

Regular Publications

Security Newsletters

  • tl;dr sec - Weekly security newsletter
  • Krebs on Security - Security journalism and investigation
  • The Hacker News - Cybersecurity news and insights
  • Dark Reading - Enterprise security coverage

Research Publications

  • ACM Digital Library - Academic computer science research
  • IEEE Xplore - Engineering and technology research
  • arXiv Security - Preprint security research papers
  • USENIX Security - Systems security research

This curated list represents some of the most valuable resources in the open source security and supply chain protection space. For the latest tools, research, and best practices, consider joining our community where members share updates and discoveries.

Resources are regularly updated as the security landscape evolves. Submit suggestions for additional resources through our GitHub repository or community channels.