Overview
Explore the critical issue of open source software vulnerabilities and supply chain attacks in this 36-minute Linux Foundation conference talk. Analyze the current state of supply chain security and legislation, and discover a path forward to fortify open source ecosystems. Examine compromises in supply chain resilience practices, emerging open source tools like Sigstore and in-toto, CVE management approaches, and incremental adoption of new patterns such as SLSA and S2C2F. Learn how to harmonize legislative trends with cybersecurity advancements to collaboratively create a more secure and resilient future for software supply chains.
Syllabus
The Road to Zero CVEs: People and Technology - Andrew Martin & Michael Lieberman
Taught by
Linux Foundation