December 6, 2019


Completely Securing the Software Supply Chain using Grafeas + in-toto


Talk Title: Completely Securing the Software Supply Chain using Grafeas + in-toto
Speakers: Wendy Dembowski (Staff Software Engineer, Google), Lukas Puehringer (Research Associate, NYU)
Conference: KubeCon + CloudNativeCon Europe
Location: Copenhagen, Denmark
Date: Apr 30-May 4, 2018
URL: Talk Page
Slides: Talk Slides

Continuous delivery, a prevalent concept in the cloud native ecosystem, has drastically simplified and accelerated the development and deployment of software from its inception to the end user. Unfortunately, the continuous delivery supply chain has become an attractive target for attacks. An attacker who compromises any of the steps of the supply chain, or alters the product in transit, can target all users at once. In this talk, Wendy Dembowski and Lukas Puehringer will introduce in-toto and Grafeas (grafeas.io), a software supply chain security ecosystem to verify the supply chain integrity, authenticity and compliance of any application. The talk will feature real-life examples, such as the target deployments for various popular projects, including Debian, Arch Linux, reproducible builds and Docker.
