DevConf.CZ 2026

Valentin Rothberg

Valentin was a core maintainer of Podman, driving advancements in Edge, HPC, security, and performance. He helped kick off Image Mode for RHEL and bootable containers, and served as Product Owner for Image Mode. He pioneered agentic AI development, ultimately leading to his current role as the architect of Project Hummingbird, a critical supply chain security initiative providing a curated catalog of minimal, hardened, and secure container images built on a modern, automated pipeline.


Company or affiliation:

Red Hat

Job title:

Senior Principal Software Engineer


Session

06-18
09:30
35min
Keynote: How I learned to stop worrying and love CVEs - Hummingbird
Valentin Rothberg, Stef Walter

There's been a monumental increase in the number of CVEs tracked in Open Source. Nearly 50,000 were identified in the last year: 130 a day. In part, this is due to AI.

We see an opportunity here to change Open Source software to be fundamentally more secure: Agents can cross check for exploitability and vulnerable patterns, port more easily to secure languages, and we can work at scales that were impossible before.

However, the current tsunami of CVEs has made it nearly impossible for users to determine which of the software they use is actually vulnerable. Manually assessing vulnerabilities and backporting patches, the way traditional Linux distributions have done for decades, is becoming untenable at this scale. The math no longer works.

We'll look at one approach that does work: Hummingbird, which consists of minimal, distroless containers built as close to upstream as possible on a fully automated supply chain, with no humans involved until required. The result: zero known CVEs at time of delivery.

But that’s not enough. Let's get beyond this tsunami, and look at how we get to prevention of vulnerabilities.

D105 (capacity 300)