Software Supply Chain Security
Securing the Software Supply Chain: How in-toto and TUF Work Together to Combat Supply Chain Attacks
Tuesday Jun 13 / 05:25PM EDT
Software supply chain attacks have seen a 742% increase in the last three years. in-toto is a battle-tested and broadly deployed CNCF-incubated project that counters these threats.
Marina Moore
PhD Candidate @NYU & Tech Lead for CNCF's TAG Security
Achieving SLSA Certification with a “Bring-Your-Own-Builder” Framework
Tuesday Jun 13 / 04:10PM EDT
Supply-chain Levels for Software Artifacts, or SLSA (pronounced “salsa”), is a security framework to reason about and improve the integrity of released artifacts. With the recent release of SLSA version 1.0, SLSA is seeing increased adoption, both from industry and open source projects.
Asra Ali
Software Engineer @Google
Sigstore: Secure and Scalable Infrastructure for Signing and Verifying Software
Tuesday Jun 13 / 11:50AM EDT
Sigstore is an open-source project that aims to provide a transparent and secure way to sign and verify software artifacts.
Billy Lynch
Staff Software Engineer @Chainguard
Zack Newman
Research Scientist @Chainguard