Explore tools and techniques for armoring open source project supply chains in this 41-minute conference talk by David C Stewart from Intel Corporation. Gain insights into the urgent need for supply chain security, the importance of open source, and the impact of the US Executive Order on critical software. Learn about administratively separate builds, threat modeling, and the SALSA framework for assessing security levels. Discover open source tools for managing dependencies, addressing vulnerabilities, and implementing automation. Understand the dilemmas faced in securing software supply chains and gain valuable knowledge to enhance the security of your open source projects.
Supply Chain Armoring: Tools and Techniques for Open Source Projects
Overview
Syllabus
Introduction
My perspective
Why is this an urgent issue
Why open source is important
US Executive Order
Timeline
Critical Software
Administratively separate builds
Grumpiness
Analysis
Threat Model
Salsa
Levels
Salsa Map
Open Source Tools
Dependencies
The Dilemma
CVN
Automation
Summary
Taught by
Linux Foundation
Tags
Related Courses
-
Securing the Software Supply Chain: From Threats to Best Practices
-
Why You Should Care About Open Source Supply Chain Security
-
Supply Chain Security for OpenSource Projects
-
Rising Threat - Securing Your Open-Source Pipeline
-
Struts2 Vulnerability Workshop - Securing Applications Against Supply Chain Attacks
-
Securing Your Supply Chain with an Open Source Ecosystem
