Open source software is foundational to modern development and runs at the core of Microsoft’s platforms, cloud services, and engineering workflows. Over time, Microsoft has evolved from consuming open source to actively contributing to and helping sustain the ecosystem. As reliance on open source has grown across the industry, so have the risks. Attacks targeting repositories, build systems, package registries, and dependency chains have shown that supply chain security is now a practical concern for every developer and organization. In this talk, Mark Russinovich begins with Microsoft’s open source journey and then examines the open source supply chain end to end, highlighting the role of the Open Source Security Foundation (OpenSSF) and initiatives in strengthening trust across the ecosystem.
The presentation will take place in Ballroom DE on Sunday, March 8, 2026 - 10:30 to 11:30
