The landscape of cybersecurity is rapidly changing in the open source world. Traditional, or “legacy”, attacks used to target downstream open source code running in production, but the next generation of attacks happens upstream: typo-squatting campaigns, malicious code injection directly at the source, and tool tampering in the development stream. All of these pose risks to everyone from the biggest corporations to the smallest hobbyist project, as we all rely on the same open source ecosystems to do our work. To handle these attacks at scale, we’ve developed open source Bug Bashes, a gamified event where developers compete and collaborate to fix as many bugs as possible in participating open source projects. To date, we’ve had 30+ developers fix over 700 bugs on 9 CNCF projects, and we are expanding this to a global scale, focusing specifically on the Kubernetes ecosystem in the coming months. Join this talk to learn more about how these bug bashes are making the K8s projects you already use more secure, and how you might be able to get involved as a participating project or contributor.