A Central Evidence Store to Gather Continuous Security Intelligence

You Should Always Know Where Log4J is Running


The mission of the Ortelius community is to expose weak links in the software supply chain by continuously gathering and analyzing software supply chain intelligence introduced across the DevOps pipeline. Generating security insights like SBOMs is not enough to harden your software supply chain. Consumption and analysis of the data is needed to rapidly respond to supply chain threats.

IT teams struggle to respond to threats when critical security intelligence is fragmented across tools and managed at the container level. Ortelius gathers and aggregates security and DevOps intelligence, tracking open-source inventory and vulnerabilities at the higher organizational levels including logical applications, runtime environments and organizational domains.

With Ortelius, you can easily answer the question, “where is Log4J running?”

The latest version of Ortelius is maintained by the Ortelius Community managed by the Continuous Delivery Foundation, part of the Linux Foundation. Corporate support comes from DeployHub with 80% of the codebase from DeployHub’s Continuous DevSecOps Intelligence Dashboard.

Ortelius Evidence Store

View SecureChainCon 2024 - On Demand


SecureChainCon

SecureChainCon Now Available on YouTube

Watch SecureChainCon 2024, the online conference designed to foster knowledge sharing, and explore the challenges of implementing software supply chain security practices into fragmented, decoupled architectures. Topics of sessions and workshops presented by expert practitioners include forensic gathering, open-source tooling, and real-world use cases for integrating security into DevOps workflows.

Why You Should Watch:

  • Hear presentations by expert practitioners
  • Learn about supply chain security in decoupled architectures.
  • Explore use cases from leading companies with their latest innovations and gain insights into the future direction of software supply chain management.

View Playlist

Keynote

Caroline Wong

Caroline Wong presents: Fortifying the Fortress: Exploring Offensive and Defensive Strategies in Cybersecurity

Understanding cybersecurity requires first an understanding of how to defend against the various types of common cyberattacks from nefarious code being introduced into the software supply chain to penetration attacks and network breaches. But building a strong defense system will not be enough. Organizations will need to start thinking of ‘offensive’ strategies to complete the picture. Join Caroline Wong as she breaks down implementing defensive techniques supported by offensive strategies.

Caroline Wong is the Chief Strategy Officer at Cobalt.io. She has 15+ years of cybersecurity leadership, including practitioner, product, and consulting roles. Caroline authored the popular textbook, Security Metrics: A Beginner’s Guide. She teachers cybersecurity courses on LinkedIn Learning and hosts the Humans of InfoSec podcast.

Learn More About Ortelius


Continuous Software Supply Chain Versioning

Read more …

Supply Chain Evidence

Read more …

Logical Application Tracking

Read more …

Get Involved:


Contribute

Read more …

Open an Issue

Read more …

Attend Out Community Meetings and Events

Read more …

Abraham Ortelius – Our Inspiration

Abraham Ortelius

Abraham Ortelius made his name by collecting data from scientists, geographers, and cartographers of his time and transforming it into what the world now knows as a world Atlas. His Atlas, titled Theatrum Orbis Terrarum (Theatre of the World), was published on May 20, 1570. His Atlas disrupted the way the world was seen, with the first concepts imagining continental drift. Also of interest are the sea monsters shown in the water – mythical creatures that were a subject of fascination in Ortelius’ generation.

A Thought Leader in Sharing

Ortelius also in some ways created on open source community of his day. To accomplish his goal, he was the first cartographers to give credit to his fellow scientists by adding their names to the Atlas. Ortelius was known to have corresponded with other professionals throughout Europe and pulled together their knowledge to create his publication and a truly global view of the world.

Thank you Abraham Ortelius for showing us the way.