logo
Dates

Author


Conferences

Tags

Sort by:  

Authors: Shane Lawrence
2022-05-19

tldr - powered by Generative AI

The presentation discusses the importance of securing software supply chains and the techniques that Shopify has learned in protecting millions of businesses. The talk highlights the challenges of software supply chain attacks and the need for collaboration in addressing the issue.
  • Recent compromises of Codecov and Solar Winds have put a spotlight on software supply chain attacks.
  • Lessons that Shopify has learned in protecting millions of businesses and demonstrate these techniques using open source software.
  • Traditional defensive techniques can be applied in the cloud.
  • Voucher and grafeas implementations can give you control over the software that runs in your clusters.
  • The SLSA framework can guide you toward establishing trust in your software.
  • Falco can be used to detect malicious behaviour or indicators that your supply chain has been compromised.
  • Specific techniques for mitigating supply chain attacks include scanning or reviewing the code, using static analysis, and looking at the reputation and response to previous incidents of the maintainers.
  • We can expect more from our suppliers by asking for receipts, an S-bomb, and what your software is made of.