Overview
Explore the critical issue of cloud native supply chain security in this 46-minute DevSecCon talk. Delve into the complexities of trusting production code, examining potential vulnerabilities in system supply chains that motivated attackers can exploit. Analyze the limitations of hardened runtimes and detection methods in preventing zero-day attacks, and understand the challenges posed by malicious internal threat actors and software implants. Investigate various signing options available for supply chain security, and evaluate their effectiveness in addressing key concerns. Gain valuable insights into protecting cloud native environments from potential security breaches and enhancing overall system integrity.
Syllabus
Insecure Execution: Attacking the Cloud Native Supply Chain with Andrew Martin
Taught by
DevSecCon