Overview
Explore tools and techniques for armoring open source project supply chains in this 41-minute conference talk by David C Stewart from Intel Corporation. Gain insights into the urgent need for supply chain security, the importance of open source, and the impact of the US Executive Order on critical software. Learn about administratively separate builds, threat modeling, and the SLSA framework for assessing security levels. Discover open source tools for managing dependencies, addressing vulnerabilities, and implementing automation. Understand the dilemmas faced in securing software supply chains and gain valuable knowledge to enhance the security of your open source projects.
Syllabus
Introduction
My perspective
Why is this an urgent issue
Why open source is important
US Executive Order
Timeline
Critical Software
Administratively separate builds
Grumpiness
Analysis
Threat Model
SLSA
Levels
SLSA Map
Open Source Tools
Dependencies
The Dilemma
CVN
Automation
Summary
Taught by
Linux Foundation