Authors: Grace Nguyen
2023-04-19

tldr - powered by Generative AI

The presentation discusses the importance of securing the supply chain in open source software development and introduces tools such as SLSA, in-toto, and Fossio to help with governance and support.
  • Open source software is often underfunded and maintained by overworked individuals, which makes supply chain security a crucial issue
  • Governance and support are needed to give open source projects the resources to invest in frameworks like SLSA and in supply chain security generally
  • Tools such as SLSA, in-toto, and Fossio can help secure the supply chain by providing container signing, ephemeral certificates, and certificate authority services
  • Encryption is a key component of securing the supply chain, with digital signatures providing authenticity and identity verification
  • The presentation encourages attendees to engage with open source maintainers and to take part in discussions around standards like SLSA and around vulnerability scanning

Authors: Brandon Lum, Chris Phillips
2022-10-26

tldr - powered by Generative AI

The presentation discusses the importance of generating a software bill of materials (SBOM) and the challenges of keeping it trustworthy in the presence of malicious actors. The speakers suggest using metadata and attestation formats to address these challenges.
  • Generating an SBOM is important for software security and transparency
  • Scanning and pre-populating are two ways to generate an SBOM
  • Scanning has limitations when it comes to detecting malicious actors
  • Metadata and attestation formats can address these security challenges
  • Composability is important when combining SBOMs from different ecosystems