Explore the critical issue of supply chain security in cloud native environments through this 37-minute conference talk by Andrew Martin of ControlPlane. Delve into the complexities of trusting code in production, examining potential vulnerabilities in system supply chains and the challenges posed by malicious actors. Analyze various signing options and their effectiveness in securing different components of the supply chain, from source code and dependencies to CI/CD pipelines and vendor software. Engage in a risk-based threat modeling exercise, compare available open source supply chain security controls, and investigate trusted execution environments. Conclude with a proposed solution for comprehensive end-to-end supply chain security, equipping yourself with valuable insights to enhance the security posture of your cloud native systems.
Untrusted Execution - Attacking the Cloud Native Supply Chain
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Untrusted Execution: Attacking the Cloud Native Supply Chain - Andrew Martin, ControlPlane
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Insecure Execution: Attacking the Cloud Native Supply Chain
-
In-Toto: Protecting Software Supply Chain in Cloud Native and Confidential Containers
-
Hacking the Cloud Native Renaissance - Lowering Risk of Kubernetes Adoption
-
Is the Internet on Fire? Strategies for Mitigating Open Source Software Vulnerabilities
-
Policy Compliance with Sigstore - From Signing Software to Validating the Whole Software Supply Chain
-
Supply Chain Security in the Enterprise
