I'm Rose and I'm a Senior Open Source Engineer on the OSPO Supply Chain Security team at VMware. As part of my role there I maintain Tern, a container inspection tool that helps users better understand their container supply chain. I also focus a great deal on open source tooling for Software Bill of Materials (SBOMs) and how, as an ecosystem, we can generate and exchange SBOMs more efficiently. Prior to VMware, I worked on embedded Linux distributions at IBM.
Most of my work revolves around open source. I'm a contributor to the SPDX Tech and Security specification and lead the SPDX Implementers working group. I'm currently the chair of the Automating Compliance Tooling Technical Advisory Council as well as the Chair of the SPDX Steering Committee and speak at Open Source conferences around the world. I sometimes write blogs for my employer about a variety of Open Source topics, too (Reproducible builds, anyone?). I was even lucky enough to have my open source journey profiled for the GitHub ReadME project.
When I'm not working from home you'll find me skiing β·οΈ, running πββοΈ, or riding my bike π΄ββοΈ with my family.