Reflections on Trust in the Software Supply Chain

Explore the complexities of software supply chain security in this 39-minute Black Hat conference talk. Examine the current state of security measures, including Supply-chain Levels for Software Artifacts (SLSA), Software Bill of Materials (SBOM), code signing, and build tool chain security. Critically evaluate these efforts through a demonstration that reveals potential shortcomings and security theater. Gain insights into binary-source validation as a promising solution for enhancing software supply chain security. Presented by Jeremy Long, this talk offers valuable perspectives for organizations striving to ensure the trustworthiness of their software ecosystem.