Eddie Knight

Author, Speaker, Engineer

Nix (Records of the Mechanocene)


Following the global wave of innovation in artificial intelligence, machine learning tools, and every possible variation of GPT-driven chatbots… Ishmael has been propelled to Chief Technical Officer of Paragon Logic, the most ambitious technical organization of the 21st century.

But no one …


Eddie Knight on #book

DevOpsDays Chicago 2023


In 2023, the demand for secure software development skills is at an all-time high. As DevOps professionals, we need to focus on secure CI/CD pipelines, helping developers secure code, and securing supply chains.

During this workshop we’ll discuss best practices to lock down CI pipelines and how to …


Eddie Knight on #event

KCDC: All your Security Shifted to the Left


In this half-day workshop: We look at how to implement secure coding practices, and then move on to discuss the ins and outs of modern continuous integration. After we lock down our CI pipelines, we’ll look at how to find vulnerabilities in our dependencies. Armed with that information we’ll learn …


Eddie Knight on #event

How I Got Involved with the OpenSSF


Let’s get it out of the way early: it’s not always clear how you can best plug into organizations like OpenSSF. That’s why I’m writing this guest blog post as an “outsider.” I’m just your average tech employee who has become progressively more involved since my company, Sonatype, became members of …


The Impact of Security Testing on an Organization


Choosing the right security testing tools is hard, because each type of tool has a different purpose with unique strengths. It can get confusing, but it’s a lot easier when you can sort them into different methodologies. And the process becomes almost simple once we properly understand the different …


Cloud Native Security Slam


Organizer and host of this annual event. The topic was recently announced for 2023.

Security Slam is a 30-day challenge designed to help creators and users of CNCF projects improve their software supply chain security at scale. Participants will have access to the Security Slam Library, which will …


Pythonista’s Guide to the OWASP Top 10


If you’re like many developers or IT professionals, you may have mixed feelings about these lists. I get it. On one hand, you know they’re important for keeping your applications and systems secure. On the other hand, they can be overwhelming, dry, and difficult to implement.

But what if …


Keepin it SAST-y


Conference speaker & organizer for the Open Source Security Foundation info booth at 2023’s largest Java Conference in North America.


5 Tools to Automate SBOM Creation


If you search for “How to Automate SBOM Creation” you’ll find a huge number of results. As a software engineer, I personally get frustrated by those results almost instantly. Instead of telling me how to automate the creation of my SBOM, most of them spend half the article telling me why I should …


What the OpenSSL Vulnerabilities Are…and Aren't


In this article, we won’t be going into detail about how the vulnerability came to be or even how to patch it (in short: upgrade to the latest). Instead, we’ll be taking a quick look at what an exploit against these two new issues could be able to do, and compare it to two other common dependency …


Stop the Low-Quality Contribution Plague


I was in a discussion thread with folks from Cloud Native Computing Foundation and Kubernetes today, and this phrase came up again. The context was something along the lines of… “we’re afraid that will encourage low-quality contributions.”

Let’s dig in to this.


How to Become a New Open Source Contributor


Becoming a new contributor to open source software is one of the biggest obstacles I watch people hit regularly.

I’ve seen a hundred false starts from recent grads and even people who have been working in tech for years. The obstacle is consistent, but the solution isn’t always simple.


FINOS Coaching Award


Formally recognized for guiding leaders to restructure their open source project in a way that increased efficiency, streamlined communication, and enabled diverse contributors to reach their full potential.


Community Spotlight


Eddie Knight and Lee Faus received a Community Spotlight for their collaboration to push forward the Compliant Financial Infrastructure project.
