




Authors: Grace Nguyen

tldr - powered by Generative AI

The presentation discusses the importance of securing the supply chain in open source software development and introduces tools like SLSA, in-toto, and Fulcio to help with governance and support.
  • Open source software is often underfunded and maintained by overworked individuals, making supply chain security a crucial issue
  • Governance and support are necessary to provide resources for open source projects to invest in tools like SLSA and supply chain security
  • Tools like SLSA, in-toto, and Fulcio can help with securing the supply chain by providing container signing, ephemeral certificates, and certificate authority services
  • Encryption is a key component of securing the supply chain, with digital signatures providing authenticity and identity verification
  • The presentation encourages attendees to engage with open source maintainers and participate in discussions around standards like SLSA and vulnerability scanning