Ortelius Blog

Topics include Supply Chain Security, Vulnerability Management, Neat Tricks, and Contributor insights.

SecureChainCon 2026

Run Free, Run Safe: Defend Post-Deployment in the Age of AI

Software supply chain security is entering a new phase. Attackers are no longer limited to exploiting weaknesses discovered during development. They are targeting what’s already running in production, often within days of a vulnerability being disclosed. As AI accelerates both vulnerability discovery and weaponization, organizations must evolve from build-time scanning to continuous post-deployment defense.

SecureChainCon, hosted by the Ortelius open-source community, brings together practitioners, security leaders, platform engineers, and open-source contributors working to close the gap between vulnerability detection and real-world exposure. The conference focuses on making SBOMs operational, improving deployment visibility, and using automation and AI-assisted remediation workflows to reduce risk across live environments. This is not another conference about scanning earlier in the pipeline; it’s about Continuous Threat Exposure Management (CTEM) and Remediation for what’s already deployed.

SecureChainCon is designed for teams ready to move beyond pre-deployment scanning and toward continuous defense of the software that is already in production—where today’s attacks actually happen.

Topics:

  • Demos for Ortelius V.12
  • Resources and Tooling for Post-Deployment Vulnerability Detection/Remediation
  • Sense, Reason, Act AI Models for Vulnerability Management
  • Continuous Threat Exposure Management
  • Meeting CRA and CISA vulnerability response requirements

Why You Should Attend


  • Learn how AI is changing the vulnerability landscape: Understand how attackers are leveraging automation to weaponize CVEs faster, and what defenders must do differently to respond in production environments.
  • Make SBOMs actionable instead of archival: Discover how deployment-aware SBOM correlation enables teams to identify exactly where vulnerable components are running and prioritize remediation based on real exposure.
  • Adopt post-deployment vulnerability defense strategies: Explore emerging approaches like deployment digital twins that provide continuous visibility across applications, containers, services, and infrastructure.
  • Reduce alert fatigue and focus on what matters: See how endpoint-aware risk intelligence helps teams move from “scan everything” to fixing the vulnerabilities that actually impact running systems.
  • Understand how AI enables safer, faster remediation: Learn how AI-assisted dependency updates and workflow automation are helping organizations shrink remediation timelines from months to days.
  • Connect with the open-source community building the next generation of supply chain security: Collaborate with engineers and security practitioners advancing practical solutions for runtime visibility, SBOM operations, and deployment intelligence.

Who Should Attend


  • Platform Engineers
  • DevOps Engineers
  • Full Stack Engineers
  • Application Developers
  • Security Engineers and CISO Teams
  • Project Management

Key Takeaways


Shift Left Security: Understand the importance of integrating security practices early in the software development lifecycle (SDLC) to identify and remediate vulnerabilities at the source code level.

Automation is Key: Learn the role of automation in DevSecOps, from automated security assurance and vulnerability scanning to automated compliance checks and policy enforcement, to improve efficiency and consistency.

Culture of Collaboration: Recognize the need to foster collaboration and shared responsibility among development, operations, and security teams to effectively implement DevSecOps practices.

Threat Intelligence and Risk Management: Explore the importance of leveraging threat intelligence and risk management frameworks to prioritize security efforts, allocate resources effectively, and mitigate emerging threats.

Compliance and Governance: Address the challenges of maintaining compliance with regulatory requirements, such as aggregated SBOMs, and industry standards in DevSecOps environments.