About me
Abhishek Arya is a Principal Engineer leading Google's Open Source and Supply Chain Security efforts. He has been a key contributor to the OpenSSF since its inception, serving on the technical advisory board and leading technical initiatives that have advanced the security of the open source ecosystem. His leadership has led to the creation of industry-standard security frameworks and tools: SLSA, fortifying software supply chains; Sigstore, ensuring software integrity with robust signatures; Scorecards, providing critical security health metrics; and OSV-Schema, standardizing vulnerability information for enhanced precision and automation. Prior to this, he was a founding member of the Google Chrome Security team and built OSS-Fuzz, a massive-scale automated fuzzing infrastructure that secures Google and the broader open source ecosystem.
Abhishek is a valued voice in open source security, providing guidance to governments and organizations globally. He has contributed to shaping policies through his involvement in initiatives like the White House OSS security summits and the NIST/NSF/OMB U.S. OSS Security workshop, and by serving on the NSF review panel. His thought leadership is evident in his contributions to numerous whitepapers, including the CISA JCDC guidance on securing open source software in OT environments.