Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Securing the Software Supply Chain - Go Checksum Database

USENIX Enigma Conference via YouTube

Overview

Explore the critical issue of securing the software supply chain in this 22-minute conference talk from USENIX Enigma 2020. Delve into the challenges posed by widespread code reuse and third-party dependencies in modern software development. Examine high-profile security incidents and their patterns, including compromised developer credentials and ecosystem access issues. Learn about the innovative Go checksum database, designed to secure the Go modules ecosystem without additional work from module authors. Discover how this centralized log system employs Certificate Transparency technology to ensure accountability and enables third-party auditors to provide new version notifications. Understand the database's cacheability features and their implications for resource management and privacy. Gain insights into applying these concepts to other software package ecosystems to enhance overall software supply chain security.

Syllabus

Intro
Three supply chain security players
Provenance
Go Modules
Availability
Go Module Proxies and Mirror
Integrity
Merkle trees for accountability
Tiles for caching
The Go Checksum Database
Go build dependencies
Vulnerability tracking
Security practices
Auditing
Questions?

Taught by

USENIX Enigma Conference

Reviews

Start your review of Securing the Software Supply Chain - Go Checksum Database

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.