Security
Achieving SLSA Certification with a “Bring-Your-Own-Builder” Framework
Tuesday Jun 13 / 04:10PM EDT
Supply-chain Levels for Software Artifacts, or SLSA (pronounced “salsa”), is a security framework to reason about and improve the integrity of released artifacts. With the recent release of SLSA version 1.0, SLSA is seeing increased adoption from both industry and open source projects.

Asra Ali
Software Engineer @Google

Sigstore: Secure and Scalable Infrastructure for Signing and Verifying Software
Tuesday Jun 13 / 11:50AM EDT
Sigstore is an open-source project that aims to provide a transparent and secure way to sign and verify software artifacts.

Billy Lynch
Staff Software Engineer @Chainguard

Zack Newman
Research Scientist @Chainguard

Implementing OSSF Scorecards Across an Organization
Wednesday Jun 14 / 04:10PM EDT
Open Source Security Foundation (OSSF) Scorecards provide a way for open source users to determine whether maintainers are being diligent about securing their link in the software security supply chain.

Chris Swan
Engineer @atsigncompany