Explore enforceable software supply chain policies and attestations using in-toto in this 35-minute conference talk presented by Alan Chung Ma and Santiago Torres-Arias from Purdue University. Delve into the importance of capturing metadata to demonstrate supply chain integrity in light of cybersecurity regulations and high-profile attacks like SUNBURST. Learn how CNCF projects such as in-toto and Witness generate machine-verifiable attestations, and understand the role of frameworks like SLSA in guiding attestation generation. Discover specific policies that can defend against notable supply chain attacks, and gain insights into configuring in-toto to mitigate such threats. Examine the TAG-Security catalog of supply chain attacks and their relevance to SLSA specifications and US/EU regulations. Gain valuable knowledge to enhance your organization's software supply chain security and compliance efforts.
Enforceable Software Supply Chain Policies and Attestations Using in-Toto
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Enforceable Software Supply Chain Policies and Attestations Using in-Toto
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
In-Toto: Attestations and Software Supply Chain Security
-
Achieving End-to-End Software Supply Chain Security with in-toto
-
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
-
In-toto - Securing the Entire Software Supply Chain
-
Navigating the Software Supply Chain Defense Landscape
-
In-Toto: Protecting Software Supply Chain in Cloud Native and Confidential Containers
