Cryptographic Signatures: A Building Block Not A Panacea- Marina Moore, NYU
Abstract
Cryptographic signatures are a key piece of securing the software supply chain. They allow developers to attest that a piece of software is valid, and an end user to ensure that the software was not tampered with. In this talk, Marina Moore will talk about what cryptographic signatures do and don’t provide for a security ecosystem with examples of their effective use as a building block for existing cloud native supply chain security applications. She will also address some common pitfalls in the implementation of cryptographic signature systems.