Explore the critical issue of open source software vulnerabilities and supply chain attacks in this 36-minute Linux Foundation conference talk. Analyze the current state of supply chain security and legislation, and discover a path forward to fortify open source ecosystems. Examine compromises in supply chain resilience practices, emerging open source tools like Sigstore and in-toto, CVE management approaches, and incremental adoption of new patterns such as SLSA and S2C2F. Learn how to harmonize legislative trends with cybersecurity advancements to collaboratively create a more secure and resilient future for software supply chains.
The Road to Zero CVEs: People and Technology
Overview
Syllabus
The Road to Zero CVEs: People and Technology - Andrew Martin & Michael Lieberman
Taught by
Linux Foundation
Tags
Related Courses
-
Fresh SLSA and GUAC - Understanding Open Source Package Risks and Transparency
-
SLSA FRSCA Recipe for Secure Supply Chain
-
In-Toto: Attestations and Software Supply Chain Security
-
Eliminating the Unknowns: Using GUAC to Better Understand Your Software Supply Chain
-
Achieving End-to-End Software Supply Chain Security with in-toto
-
Software Supply Chain Security Case Study at Anaconda
