KubeCon + CloudNativeCon Europe 2024, 19-22 March

Thursday, March 21 • 11:00 - 11:35
Navigating the Software Supply Chain Defense Landscape - Marina Moore & Aditya Sirish A Yelgundhalli, New York University

Software supply chain attacks are on the rise, but so is the number of defense mechanisms. The proliferation of CNCF projects like in-toto and TUF, in conjunction with other frameworks and systems like Sigstore and SLSA, can make it hard to understand how all of these different tools work and the security guarantees they each provide. TAG Security’s Software Supply Chain working group has compiled a mapping of software supply chain tools to requirements from the Software Supply Chain Best Practices Guide. In this talk, we use this mapping to pull together different tools that can be combined for end-to-end software supply chain security. We provide example scenarios of combining certain tools and describe how folks can use the guide for their own software supply chains to determine the right tools for them.

Marina Moore

PhD Candidate, New York University
Marina Moore is a PhD candidate at NYU Tandon’s Secure Systems Lab researching secure software updates and software supply chain security. She is a maintainer of The Update Framework (TUF), a CNCF graduated project, as well as in-toto, an incubating project. She contributed to the...

Aditya Sirish A Yelgundhalli

Ph.D. Candidate, New York University
Aditya is a Ph.D. candidate at New York University where he researches software supply chain security. He is a maintainer of in-toto, which is incubated at the CNCF. He is also a contributor to TUF, another CNCF project, and a maintainer of gittuf, a sandbox project at the OpenSSF...

Thursday March 21, 2024 11:00 - 11:35 CET
Pavilion 7 | Level 7.1 | Room D