Completed
New! Better, more secure build infrastructure
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Securing the Open Source Software Supply Chain
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Q&A
- 3 Is it safe to use open- source software?
- 4 Is it safe to use open-source software? Yes!
- 5 A better question: How can we use open-source software safely?
- 6 What is the Software Supply Chain?
- 7 The Software Supply Chain: Everything it takes to produce your software
- 8 What is the Secure Software Supply Chain?
- 9 Why is software- supply chain security such a big deal?
- 10 Why is software- supply chain security such a big deal right now?
- 11 ABCs of the Secure Software Supply Chain
- 12 Ephemeral
- 13 Fuzzing
- 14 Joe Biden
- 15 Money
- 16 Open ID Connect
- 17 Provenance
- 18 Remediation
- 19 New! Community advisory databases
- 20 New! Vulnerability auditing software
- 21 GPG relies on a web of trust
- 22 A new standard for signing, verifying and protecting software
- 23 Understanding sigstore Throw away your keys
- 24 Understanding sigstore Provide an identity
- 25 Understanding sigstore Bind key & identity to signing certificate
- 26 Understanding sigstore Publish in the transparency log
- 27 New! Better, more secure build infrastructure
- 28 Safeguarding artifact integrity across any software supply chain
- 29 Understanding SLSA ( salsa') Security framework • Checklist of standards and controls • A series of levels
- 30 Understanding in-toto • A universal standard • For all ecosystems • Ensuring integrity of an artifact • Proof of what was done at each step
- 31 New! Enforcing security policies for source control
- 32 Understanding Allstar • A GitHub app • Enforces best practices • Allows you to set policy • Across an entire organization
- 33 Voluntary 2FA requirement
- 34 2FA mandate for critical projects
- 35 Hardware key giveaway
- 36 Coming soon! PEP 458 implementation & PEP 480 update
- 37 Improvement: Vendor neutral collaboration
- 38 Improvement: More funding for projects
- 39 Predictions: My predictions for the next year