Navigating the Software Supply Chain Defense Landscape - Marina Moore & Aditya Sirish A Yelgundhalli, New York University

Abstract

Software supply chain attacks are on the rise, but so is the number of defense mechanisms. The proliferation of CNCF projects like in-toto and TUF, in conjunction with other frameworks and systems like Sigstore and SLSA, can make it hard to understand how all of these different tools work and the security guarantees each of them provides. TAG Security's Software Supply Chain working group has compiled a mapping of software supply chain tools to the requirements in the Software Supply Chain Best Practices Guide. In this talk, we use this mapping to pull together different tools that can be combined for end-to-end software supply chain security. We provide example scenarios of combining certain tools and describe how folks can use the guide for their own software supply chains to determine the right tools for them.