Topics include Supply Chain Security, Vulnerability Management, Neat Tricks, and Contributor insights.
100% Online Event and Free to All
Software supply chain security is entering a new phase. Attackers are no longer limited to exploiting weaknesses discovered during development. They are targeting what’s already running in production, often within days of a vulnerability being disclosed. As AI accelerates both vulnerability discovery and weaponization, organizations must evolve from build-time scanning to continuous post-deployment defense.
SecureChainCon, hosted by the Ortelius open-source community, brings together practitioners, security leaders, platform engineers, and open-source contributors working to close the gap between vulnerability detection and real-world exposure. The conference focuses on making SBOMs operational, improving deployment visibility, and using automation and AI-assisted remediation workflows to reduce risk across live environments.
This is not another conference about scanning earlier in the pipeline; it’s about Continuous Threat Exposure Management (CTEM) and Remediation for what’s already deployed. SecureChainCon is designed for teams ready to move beyond pre-deployment scanning and toward continuous defense of the software that is already in production—where today’s attacks actually happen.
Topics:
You Can’t Manage What You Can’t See: The Role for Open Standards in the Age of AI
With the ever-increasing adoption of AI, designing and developing products securely is still more critical, but actively managing your deployed products has become imperative. So how do you manage those vulnerabilities post-deployment? Join this conversation with John Linford, The Open Group Security Portfolio Director, to learn more about tools, techniques, and (open) standards that can help you and your company gain visibility into your vulnerabilities and actively manage and mitigate them.
John Linford is The Open Group Security Portfolio Forum Director, responsible for facilitating the creation and delivery of standards and certification programs from the Security Forum, Open Trusted Technology Forum (OTTF), and Assured Dependability Work Group. These groups comprise the cybersecurity and supply chain security SMEs in The Open Group. The Open Group is a global consortium that enables the achievement of business objectives through technology standards. As Forum Director, John supports the leaders and participants of his Forums and Work Group in utilizing the resources of The Open Group to facilitate collaboration and follow The Open Group consensus-based Standards process to publish their deliverables.
Suggested Topics: We welcome technical talks, practitioner case studies, architecture deep dives, research insights, and open-source demonstrations in areas including:
Speaking at SecureChainCon gives you the opportunity to share innovations shaping the future of post-deployment vulnerability defense while influencing emerging practices around Continuous Threat Exposure Management (CTEM). You’ll help define how AI is transforming remediation workflows and connect with platform engineers and security practitioners working to solve real exposure problems in production environments. Presenters also contribute to the growing movement toward continuous runtime visibility across the software supply chain and engage directly with the Ortelius open-source security community, advancing the next generation of deployment intelligence and software supply chain defense.
Talk Formats:
Run Free, Run Safe: Defend Post-Deployment in the Age of AI
Keynote Speaker - John Linford, The Open Group
Call for Speakers Open Through May 25, 2026
Shift Left Security: Understand the importance of integrating security practices early in the software development lifecycle (SDLC) to identify and remediate vulnerabilities at the source code level.
Automation is Key: Learn the role of automation in DevSecOps, from automated security assurance and vulnerability scanning to automated compliance checks and policy enforcement, to improve efficiency and consistency.
Culture of Collaboration: Recognize the need to foster collaboration and shared responsibility among development, operations, and security teams to effectively implement DevSecOps practices.
Threat Intelligence and Risk Management: Explore the importance of leveraging threat intelligence and risk management frameworks to prioritize security efforts, allocate resources effectively, and mitigate emerging threats.
Compliance and Governance: Address the challenges of maintaining compliance with regulatory requirements, such as aggregated SBOMs, and industry standards in DevSecOps environments.