Overview
Explore essential strategies for securing the software supply chain in this 18-minute conference talk by John Amaral of Slim.AI. Learn about the critical importance of supply chain security in light of recent high-profile breaches like Solarwinds, CodeCov, and Log4j. Discover the "three S's" approach to enhancing security: Software Bill of Materials (SBOM), Signing, and Slimming. Understand how to identify and inventory your software components, verify packages through immutable identity, and minimize attack surfaces by slimming down your codebase. Gain practical insights on implementing these methods as first-line security controls to protect your production operations from potential zero-day exploits and vulnerabilities in third-party and open-source packages.
Syllabus
A Different Kind of S3: First Line Security of the Supply Chain - John Amaral, Slim.AI
Taught by
Linux Foundation