Overview
Explore a comprehensive security framework designed to protect the software supply chain in this 21-minute conference talk from USENIX Security '19. Learn about in-toto, a system that provides cryptographic guarantees for the integrity of software from development to deployment. Discover how in-toto addresses vulnerabilities in the complex software development process, involving multiple actors and stages. Examine the framework's effectiveness through 30 real-world supply chain compromise cases that impacted hundreds of millions of users. Gain insights into in-toto's applications across cloud-native, hybrid-cloud, and cloud-agnostic environments. Understand how this framework is integrated into widely-used products and open-source projects, enhancing security for millions of daily users.
Syllabus
Introduction
Software supply chain
Principles
No threat model
Integrations
Taught by
USENIX