Dates
Conferences
Tags
Sort by:
Most recent
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Justin Cormack, Toddy Mladenov
2023-04-21
tldr - powered by Generative AI
The presentation discusses the importance of standards in supply chain security and the ongoing efforts to incorporate transparency logs and metadata into software in the container ecosystem.
- Verifying identity and large entities is important in supply chain actions
- Working with the SKET project to build a transparency log and record identities and signatures
- Incorporating additional metadata around supply chains, such as S-BOMs and SPGX, to have more fine-grained controls
- Proposing a new sub-project of Notary to directly store TUF repository metadata in the registry
- Seeing Notary projects as a home for a set of standards around supply chain security
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Justin Cormack
2022-10-27
This talk gives an overview of the status of the Notary project, and the Notary v2 work, and the context in the broader ecosystem. Supply chain security is becoming increasingly critical and its importance has been recognised, but the ecosystem of tools around this is confusing. So this talk will cover the context of the key ideas, including the TUF and in-toto projects and how they relate to the security outcomes people want to achieve.
Conference: KubeCon + CloudNativeCon North America 2021
Authors: Justin Cormack, Steve Lasker
2021-10-14
tldr - powered by Generative AI
The presentation discusses the importance of verifying the identity and authenticity of software content in the supply chain through Notary v2. The speaker uses real-world analogies to explain the concept and emphasizes the need for trust and policy management in the deployment process.
- Notary v2 focuses on the distribution and consumption of software content in the supply chain
- Verifying the identity and authenticity of software content is crucial in ensuring security and reliability
- Policy management and trust are necessary in the deployment process
- Real-world analogies, such as airport security checks, can help illustrate the concept