I specialize in software supply chain security, platform and code integrity, confidential computing, provenance and transparency systems, and key management across hosts, containers, and scale-out cloud platforms.
I've built Linux distributions of various sizes, from a consumer-focused one that has millions of end users to custom-built Linux desktop distros for the Enterprise. Nowadays, I focus on researching how distro package management and distro release cadence and security are relevant to the open source software supply chain problem.
I polled a global audience on open source sustainability in 2019 and identified a few elements that are missing in the conversation: the incidence of the "income inequality" problem, the definition and negative influence of "freeloaders", the role of "codes of conduct", and the differences between "recognition" and "survivability".
Most of my writing lives in GitHub Gists or LinkedIn Articles. I have presented at several conferences from Argentina to Tunisia, with slides often available in Speaker Deck. Here are some selected earlier works: