Authors: Santiago Torres-Arias, Aditya Sirish A Yelgundhalli
2022-10-26

tldr - powered by Generative AI

The talk examines how complex modern software supply chains are, how many points in the pipeline can be compromised, and why higher degrees of assurance and resiliency are needed across the pipeline.
  • Software supply chains are vulnerable at every stage; the examples cover compromised version control systems, build farms, packaging, and testing infrastructure.
  • A supply chain compromise has a significant impact on users, on the project's reputation and budget, and on its intellectual property.
  • Integrity checks between pipeline steps, reproducible builds, verifiable compilers, and secure package delivery can each raise the degree of assurance and resiliency.
  • Storing the pipeline's metadata centrally and integrating the checks with CI systems are proposed as ways to deploy them in practice.
  • The speakers stress that the problem must be addressed and the software supply chain improved.
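As an added illustration of the "integrity checks between pipeline steps" idea from the summary (this is example code written for this page, not the speakers' code and not in-toto's implementation), the block below records link-style metadata for each step of a constructed three-step pipeline (checkout, build, package): SHA-256 digests of the step's inputs (materials) and outputs (products). Verification then checks that each step consumed exactly what the previous step produced and that the steps ran in the expected order. A source file that is altered between checkout and build is detected because the build step's recorded material digest no longer matches the checkout step's product digest. The step names, file paths, the `fake_build`/`fake_package` stand-ins for a compiler and packager, and the sample source bytes are all assumptions made here; a real deployment would additionally have each step's metadata signed by the key of the party that ran it, which is omitted to keep the example self-contained.

```python
"""Chain-of-custody integrity check across pipeline steps.

Added illustration for this page; not the talk's or in-toto's code.
Each step records SHA-256 digests of its materials (inputs) and
products (outputs); verification links the steps together.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def record_step(name: str, materials: dict, products: dict) -> dict:
    """Record one pipeline step as link-style metadata.

    `materials` and `products` map a path to the file's bytes; only the
    digests are stored, so the record can be compared later without the files.
    """
    return {
        "step": name,
        "materials": {path: sha256_hex(data) for path, data in materials.items()},
        "products": {path: sha256_hex(data) for path, data in products.items()},
    }


def verify_chain(links: list, expected_steps: list) -> list:
    """Return a list of failures (empty list means the chain verified).

    Checks that the recorded steps match the expected layout order and that
    every material of step N is a product of step N-1 with the same digest.
    """
    failures = []
    if [link["step"] for link in links] != expected_steps:
        failures.append("step order does not match expected layout")
        return failures
    for prev, cur in zip(links, links[1:]):
        for path, digest in cur["materials"].items():
            if path not in prev["products"]:
                failures.append(
                    f"{cur['step']}: material {path} was not produced by {prev['step']}")
            elif prev["products"][path] != digest:
                failures.append(
                    f"{cur['step']}: {path} was modified between "
                    f"{prev['step']} and {cur['step']}")
    return failures


# Constructed sample inputs (assumptions for this example).
SOURCE = b"int main(void) { return 0; }\n"
MODIFIED_SOURCE = b"int main(void) { return 1; }\n"  # altered after checkout


def fake_build(src: bytes) -> bytes:
    # Stand-in for a compiler: a deterministic function of the source bytes.
    return b"BIN:" + sha256_hex(src).encode()


def fake_package(binary: bytes) -> bytes:
    # Stand-in for a packaging step.
    return b"PKG:" + binary


def run_pipeline(source_seen_by_build: bytes) -> list:
    """Run checkout -> build -> package, recording each step, then verify."""
    checkout = record_step("checkout", {}, {"src/main.c": SOURCE})
    binary = fake_build(source_seen_by_build)
    build = record_step("build", {"src/main.c": source_seen_by_build},
                        {"app.bin": binary})
    package = record_step("package", {"app.bin": binary},
                          {"app.tar": fake_package(binary)})
    return verify_chain([checkout, build, package],
                        ["checkout", "build", "package"])


def honest_run() -> list:
    """Build consumes exactly the checked-out source: no failures."""
    return run_pipeline(SOURCE)


def tampered_run() -> list:
    """Source altered between checkout and build: one failure on src/main.c."""
    return run_pipeline(MODIFIED_SOURCE)


if __name__ == "__main__":
    print("honest:", honest_run() or "verified")
    print("tampered:", tampered_run())
```

The check is deliberately strict: a material that no earlier step produced is treated as a failure too, which is how an injected dependency or an unexpected file on the build host would surface. Real systems also need the step records themselves to be signed so that a compromised build farm cannot simply rewrite its own digests.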