 Hello, everyone. I will get started now. Everyone who has circled in, please feel free to join the Slido on the deck. I'd love to have some audience interaction as a big part of this talk. But yeah, welcome to the impact of media on cybersecurity using art to visualize software supply chain security trends and increase awareness of popular library vulnerabilities. A quick introduction. Hi, I'm Anova. I am currently a computer science and business student at the University of British Columbia. I'm also an artist and a technologist, which encompasses many things which we will get into soon. And I'd love to touch on three main topics, art, cybersecurity, and open source. So I will touch on a visualization, a zine, which you may have seen around the conference, and three collective futures of collaboration, information sharing, and the future of how open source can be more interdisciplinary and collaborative. If you are so inclined, I also have my GitHub on the screen, which you can check out and see my code and all the data I've used for the visualizations you will see in the zine and also the slide deck. Now enough about me. I'd love to hear a little bit more about you. So please feel free to scan the QR code and let me know a little bit more about who you are. And apologies, this is my first time using Slido. Amazing, it's working slightly. Pause. Just kidding. There we go. Okay, amazing. How are you in this room? I'd love to hear. We have hello in big multi-response. Hello in the second front row seat. Amazing. Welcome. And yeah, I'd love to hear your professional or obvious identities. Any of you are welcome here and perfect. Hi, welcome if you've just trickled in. And the Slido is on the screen. Perfect. Yeah, it's lovely to see the discography of the room and how diverse and interesting everyone is. Cool, so I will be keeping this running in the background. Please continue. And we're going back to our presentation. This is such, sorry, this is very new. Okay, awesome. So in this talk, we have three main points that I'd like to disclose and teach to this room. So first to collaborate on technical storytelling for diverse audiences. Two, to use open source frameworks for creating new and novel visualizations on perhaps old or present and also future data. And three, to use multidisciplinary techniques to measure, predict and expand awareness of OSS supply chain vulnerabilities. So my main question is how can we represent software supply chain issues in a way that is accessible, visually pleasing and most importantly communicative of critical patterns. I want you all to look at the visualization that I will be pulling up shortly. And I'm very curious about what everyone thinks this is. Feel free to either shout it out or it's going to be very janky again. But the Slido shall be opened to the next poll. Let me know if this is working. Okay, I see participant typing. This is wonderful. So we have array, lasers, matching diagram and 80s light show. I'm very intrigued and we'll follow up on that. A matching diagram, very, very close. Okay, perfect. I'm going to show. So here is the crowdsourced responses. And I'm really interested in how people can interpret something from different points of view. And this is exactly what I am also investigating in my artistic practice in this talk. So thank you so much for your responses. We have a synthwave, a school picture background. I would love to see the school picture that comes out of that. Amazing glamour shots and a Donald Judd sculpture. Perfect. Okay, I will back to the PowerPoint. Amazing. Whoa, that's so cool. All right. It is actually a data visualization. Wow, mind blowing. So I am going to go a little bit about how I created this using scraped trend data from sonotypes 2022 state of the software supply chain report. So on the your left, you see a graph of log for shell, spring shell and a third popular library that was unnamed. And this is the relationship between the percentage that they are not vulnerable versus the weeks since vulnerability. And this graph is kind of interesting because it's based on media and press coverage, not only within a community but in the open source community but externally social media and the public eye. So this was really interesting to investigate and to bring in a new variable that isn't touched always in the OS community. So I scraped the data from the page and put it into a beautiful Excel spreadsheet, which we love. And then imported this into p5.js and open source creative coding framework. This also is one of my first sort of interactions with open source. So when I first started my degree in computer science, I wanted a way to learn my coding principles from my computer science classes in a way that was interesting to me as somebody who loves art design and creating things that are just pretty and beautiful for the sake of it. It might be a little bit different than what my courses taught or how traditional programming or principles are initially introduced to students, but using a creative framework like p5.js open processing was a great way for me to interact with my knowledge and also bring in a new and novel way of seeing information. So here is my previous beautiful Excel spreadsheet visualized in the framework. And this is all available on my GitHub if you're interested. But yeah, there's my code, my data and the visualization that comes out of it. So it's reproducible. It's fully accessible on my GitHub. And it is also originally sourced from an open source community creative coding community that is very dear to my heart. And here you can see I set the higher percentage of not vulnerable. So 90%, 95% to warmer colors. And you'll see that for the log for shell, which I will show in just a second. There are a lot warmer colors, higher percentage of not vulnerable. So vulnerabilities got fixed quicker due to media coverage and public interest. On the other side, lower percentage not vulnerable was set to cooler colors. And you can see this reflected in the unnamed popular library. Now, these were both extremely important vulnerabilities, but one of them got more media and press coverage than the other. So here is log for shell, which we are all familiar with. It is warm. It is vibrant. And it was fixed quicker because media cared about it more, according to this specific data set. And here is the unnamed popular library, which is cooler and more dampened, especially at the very top, where we have the first few weeks having extremely low percentage of not vulnerable. So there really wasn't as much of an enterprise move in response due to this lack of media coverage. And I just wanted to show some more works I've created using these data sets and open up sort of an avenue for evolution with art and data. So here you can see I projected these visualizations onto me. And I also did self portrait photography. So I sort of repurposed my visualizations in a way that is representative of perhaps non-traditional media, especially in the cybersecurity world. So these are just more ways that we could play with data and get people interested that are outside of the core kind of developer community and gain interest from external media stakeholders. This leads me to the cyber escape zine, which you have seen around this conference. But this was an idea I had to create a platform and presentation of information in a way that was tangible that you could hold in your hand. And I was really inspired by zine culture. So Vancouver is quite famous for a zine culture. And it also has been reflective of underground sort of activist communities just throughout time. I'd love this idea. And I found that it also aligned with the open source model of development. And I'd love for open source models to be applied to different mediums, further than code and technology. And also through information, communication and artistic creation, whatever that means. Here are just some pages I wanted to highlight. I say we as Sal and I collaborated on this project. But I love these pages. Each page has quotes sourced from the open source community. And we wanted this to be a very like low barrier and community led project that wasn't owned by a specific entity or corporation, but was rather owned and sourced and dictated by the people of the community, which I also believe aligns with open source development. This leads me to future goals and I'll touch on a few, but I also want to send this question back to the audience. For me, I'd love to see a future where collaboration is interdisciplinary and filled with people of all backgrounds to be able to see data and issues in novel ways, especially from a point of view of mainstream media, which we've seen has impacted vulnerabilities, speed and enterprise responses in a way that previously may not have been as important or just have as much awareness. So I'd love to open this up to the audience as well. My final janky Slido transition. So and then I'd love to open this up for future discussion Q&A. Let me just perfect awesome. Here typing to touch on a few of my goals. I'd love for a self published and distributed art project to go beyond today and this conference. I think it would be an incredible opportunity to share and just collaborate on information and technical non technical education, bringing in people of all backgrounds into open source in a way that is representative and inclusive of all. And I'd love to show this now if my PowerPoint will allow me to. Amazing. So we see technical non technical visualizations for access control. Amazing. The diagram or society. Something that reaches the skeptical. Amazing. By skeptical if anybody is interested in sharing in the audience. Would somebody like to touch on what skeptical means or what it means to you. If not, I can. I can divulge what I think skeptical is. Okay, amazing. Yeah, I'd love to have something that reaches the skeptical. And sprays them to do action. When previously before there wasn't visuals or language that articulates. A key point hasn't really been discussed before like media and press response to vulnerabilities and how. Enterprises and also how the community can react in time. All right. Thank you so much for all of your responses. I'll leave this up for a little bit more. But yeah, thank you so much. I'll conclude my talk just with a few tidbits and I do apologize recap in case you forgot. So. The future. Could be bleak without collaboration and new novel ways of seeing things. I think there needs to be an incentive for new people. Developers, maintainers. Marketers. Artists developers all to join. And become involved in ways that aren't necessarily traditional and open source. I myself had never imagined to be in this space before I first touched a JavaScript open JavaScript framework for visualization and created something that I thought was beautiful and visually pleasing. This is definitely not the prime motivator of a lot of other members or stakeholders. We all have different goals, but together and in a way that can bridge the gap between. Businesses, the media and the people who are creating, maintaining and developing is critical. And it's something that we need to have a future that is informed, inclusive and secure. That is all I have. Thank you so much. I now would love to invite Sal up here to touch on our GitHub and seeing layout. If you'd like to come up. Thank you so much. Hey, so the reason why we have zines today is because a couple of months ago, like I've known a Nova for years on the internet just open source right never met. And I was like, Hey, don't you live in Vancouver open source summit's going to be there? What would you do? Like what do you want to do? And they said zine and I had to be like, what is a zine? And aren't these cool? But as we move forward at the next open source summit and maybe the next ones after that, we're going to keep collecting these stores are going to keep collecting resources. These are really calls to action how to get people meaningfully engaged. So we need to be collecting the resources around that that GitHub right now is just a contributor file and a couple of images because I'm in charge of the GitHub and I was moving last week. So but as we get more resources together, that's really where I'm going to open up some discussions. We're going to use the issues and the open source contributor model to do non traditional outreach online and offline moving forward. So get involved. Perfect. And the link for submissions is here. And the GitHub is below. So yeah, please get involved. And this is very feedback driven. And yeah, I can open up for any Q&A. I believe Slido also has a Q&A feature. But if you'd like to speak with me, IRL that'd be awesome to open up for questions. I'm looking for both actually so I'd love datasets and I really liked the kind of like visual way you were like looking for technical, I guess, or more complex information being portrayed in like visually. Okay, yeah, I think I'm really interested in that as well. So I'm interested in like hypotheses you might have or even conclusions that you'd like visualize in a new way or something that is communicated in an easier and more understandable way. So I am, yeah, I'm totally interested in that. You can feel free to like submit something or just talk to me after. Yeah, I'm really interested that is collaboration in all forms. Yeah, for sure. I have been pondering this for a long time, not an extreme long time but recently it's been such a topic of discussion among like artists and developers and a lot of people and sort of my circle. I think it's important for artists to evolve with technology and tools as they evolve to not be sort of lagging behind what is going on in the technical space. This is something I really want to push artists kind of to not be too hesitant or like afraid of AI are in a way. I'm not sure if this is completely answering your question but I think just evolving with like technology as it evolves with open source and getting artists into these spaces to understand what's going on and to create with these new tools. I think is really what I'm trying to touch on. I think an example that I've heard of in sort of my, my few experiences I've had. I know some artists creating a chatbot like an AI chatbot that is a clone of oneself to speak with and potentially learn or grow through like chatting with a peer that knows almost everything about you. This could be a form of art and investigation I think and it's like it's so interesting to see how art is going to evolve and how we can have novel ways of like creating things that use technology and AI as a medium. It sounds like slightly creepy but I think it'd be cool to have like an external brain that is just my brain that helps me, you know, create new things and it's definitely something we must be kind of careful and aware about in the future. But for the sake of this question, I think it's evolving alongside technology and using that as a medium is something I'm really pushing for for artists in the space. Can I ask you a question back? Do you, do you have any like main interests or goals in using AI and art or in technology and art? Come for the Ask the Expert at 1.30pm if you have any more questions or just want to discuss and talk about hypotheses and data sets if you have. Yeah, anyone else doesn't have any questions. Thank you so much. This was my first OSS so it was very exciting. Thank you.