This talk was given at the Google Open Source Ecosystem Security Roundtable.
[github.com/ossf/wg-securing-software-repos/issues/16](https://github.com/ossf/wg-securing-software-repos/issues/16)
[github.blog/2023-03-09-raising-the-bar-for-software-security-github-2fa-begins-march-13](https://github.blog/2023-03-09-raising-the-bar-for-software-security-github-2fa-begins-march-13/)
[github.com/rust-lang/crates.io/issues/3400](https://github.com/rust-lang/crates.io/issues/3400)
[github.blog/2021-04-05-behind-githubs-new-authentication-token-formats](https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/)
[docs.pypi.org/trusted-publishers](https://docs.pypi.org/trusted-publishers/)
[docs.npmjs.com/cli/v10/commands/npm-sbom](https://docs.npmjs.com/cli/v10/commands/npm-sbom)
[repos.openssf.org/build-provenance-for-all-package-registries](https://repos.openssf.org/build-provenance-for-all-package-registries)
[github.com/npm/attestation/tree/main/specs/publish/v0.1](https://github.com/npm/attestation/tree/main/specs/publish/v0.1)
[github.com/trailofbits/homebrew-attestation/tree/main/specs/publish/v0.1](https://github.com/trailofbits/homebrew-attestation/tree/main/specs/publish/v0.1)
[github.com/ossf/package-feeds](https://github.com/ossf/package-feeds)
[github.com/ossf/wg-securing-software-repos/issues/16](https://github.com/ossf/wg-securing-software-repos/issues/16)