Explore the complexities of software supply chain security in this 39-minute Black Hat conference talk. Examine the current state of security measures, including Supply-chain Levels for Software Artifacts (SLSA), Software Bills of Materials (SBOM), code signing, and build toolchain security. Critically evaluate these efforts through a demonstration that shows where they fall short or amount to security theater. Gain insights into binary-source validation, checking that a distributed binary actually corresponds to the source it claims to be built from, as a promising way to strengthen software supply chain security. Presented by Jeremy Long, this talk offers valuable perspectives for organizations striving to ensure the trustworthiness of their software ecosystem.
Reflections on Trust in the Software Supply Chain
Taught by
Black Hat