Conference:  KubeCon + CloudNativeCon Europe 2023

Authors: Lukas Pühringer, Joshua Lock

2023-04-21

The Update Framework (TUF) is a framework for secure content delivery and updates. It protects against various types of supply chain attacks, and, in contrast to many other systems, provides resilience to compromise. TUF’s design has been described in many previous talks at KubeCon and elsewhere. This maintainer track session, for the first time, is indeed all about maintaining TUF. The two core project members, Joshua and Lukas, will share their insights into the organization, which consists of a specification, a standardization process, and a steadily growing number of implementations. They will talk about the different needs of the various subprojects, and show-case these efforts by walking through the recent reference implementation rewrite. Finally, they will point out the many avenues that exist for you to contribute to TUF. Because behind TUF stands a welcoming community, which is constantly looking for new people who are excited about a secure software supply chain.

Conference:  SupplyChainSecurityCon 2022

Authors: Jossef Harush Kadouri

2022-06-22

While commercial supply chain attacks are becoming more manageable, security teams have a much harder time with open-source software supply chains. This session will provide an attacker's perspective of open-source flows and flaws and dive into several unique supply chain weaknesses. Demos will show the ease of conducting different attacks and provide a perspective on defeating them as defenders.

Conference:  KubeCon + CloudNativeCon Europe 2022

Authors: Lukas Pühringer, Jussi Kukkonen

2022-05-20

The Update Framework (TUF) is a framework for secure content delivery and updates. It protects against various types of supply chain attacks, and, in contrast to many other systems, provides resilience to compromise. In this talk Jussi and Lukas, both maintainers of the TUF reference implementation and core contributors to the TUF specification, will show why content delivery is such a crucial part of the supply chain, how TUF can be used to protect it, and where TUF is already used in practice. They will talk about how the TUF ecosystem is evolving: what is happening within the various sub projects and how some well-known adoptions and integration projects are proceeding. Finally, some interesting future developments are discussed.Click here to view captioning/translation in the MeetingPlay platform!

Conference:  KubeCon + CloudNativeCon North America 2021

Authors: Andrew Martin

2021-10-13

The presentation discusses the importance of securing Kubernetes systems and the need for reproducibility of artifacts in detecting compromised building structures.

• Attacks on crypto wallets are currently a major target of cyber attacks
• Attackers can hide malicious code in production code and use it to create a reverse shell to gain access to the infrastructure
• Reproducibility of artifacts is important in detecting compromised building structures
• The software factory should be able to build itself and recover from disaster
• The evidence lake becomes a comparative place where we can detect signals of compromise