Container Security: Supply Chain, Authorization, and Runtime Protection

Explore key areas of container security in this comprehensive conference talk from the Open Source Summit. Dive into securing the supply chain, focusing on code insertion into containers, signing, provenance, and control, with insights from Santiago Torres and Justin Cappos on in-toto and TUF. Learn about policy and authorization for controlling deployments, featuring Tim Hinrichs' discussion on Open Policy Agent. Discover techniques for securing container runtimes, including the runc container escape and the initiation of a container escape bounty, presented by Michael Wardrop from Netflix. Engage in roundtable discussions and bird-of-a-feather sessions following the presentations. Benefit from the expertise of industry leaders including Tim Hinrichs (CTO, Styra), Justin Cormack (Security Engineer, Docker), Michael Wardrop (Senior Security Software Engineer, Netflix), Justin Cappos (Professor, NYU), and Santiago Torres-Arias (PhD Candidate, New York University) in this 75-minute session on cutting-edge container security practices.