Explore the complex landscape of software supply chain defense in this informative conference talk. Gain insights into the rising threat of software supply chain attacks and the corresponding growth in defense mechanisms. Discover how CNCF projects like in-toto and TUF, along with frameworks such as Sigstore and SLSA, contribute to securing the software supply chain. Learn about TAG Security's Software Supply Chain working group's efforts to map various tools to requirements outlined in the Software Supply Chain Best Practices Guide. Understand how to combine different tools for comprehensive end-to-end security and apply this knowledge to your own software supply chains. Through example scenarios, grasp the process of selecting the right tools for specific security needs. Enhance your understanding of the software supply chain defense ecosystem and equip yourself with the knowledge to navigate this critical aspect of modern software development and deployment.
Navigating the Software Supply Chain Defense Landscape
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Navigating the Software Supply Chain Defense Landscape - Marina Moore & Aditya Sirish A Yelgundhalli
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
In-Toto: Attestations and Software Supply Chain Security
-
Achieving End-to-End Software Supply Chain Security with in-toto
-
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
-
Developer Security Champion: Supply Chain Security
-
Securing Your Software Supply Chain with Sigstore
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
