Explore the critical insights on supply chain security in this 31-minute conference talk by Diego Rodriguez-Losada Gonzalez, co-creator of Conan.io. Discover how the open-source package manager for C and C++ has maintained zero security incidents while managing over 11 million binaries and processing more than 9000 pull requests in two years. Learn about the implementation of automated quality checks, compiler security mitigations, package signing, and a secure build pipeline. Gain valuable knowledge on establishing an efficient and strict review process to safeguard against potential security threats in package repositories.
Lessons Learned from Securing 40,000 C++ Packages with Conan.io
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Conan.Io – Lessons Learned from Securing 40,000 C++ Packages - Diego Rodriguez-Losada Gonzalez
Taught by
CNCF [Cloud Native Computing Foundation]