Authors: Lukas Pühringer, Joshua Lock
2023-04-21

The Update Framework (TUF) is a framework for secure content delivery and updates. It protects against various types of supply chain attacks, and, in contrast to many other systems, provides resilience to compromise. TUF’s design has been described in many previous talks at KubeCon and elsewhere. This maintainer track session, for the first time, is indeed all about maintaining TUF. The two core project members, Joshua and Lukas, will share their insights into the organization, which consists of a specification, a standardization process, and a steadily growing number of implementations. They will talk about the different needs of the various subprojects, and showcase these efforts by walking through the recent reference implementation rewrite. Finally, they will point out the many avenues that exist for you to contribute to TUF, because behind TUF stands a welcoming community, which is constantly looking for new people who are excited about a secure software supply chain.
Authors: Jossef Harush Kadouri
2022-06-22

While commercial supply chain attacks are becoming more manageable, security teams have a much harder time with open-source software supply chains. This session will provide an attacker's perspective of open-source flows and flaws and dive into several unique supply chain weaknesses. Demos will show the ease of conducting different attacks and provide a perspective on defeating them as defenders.
Authors: Lukas Pühringer, Jussi Kukkonen
2022-05-20

The Update Framework (TUF) is a framework for secure content delivery and updates. It protects against various types of supply chain attacks, and, in contrast to many other systems, provides resilience to compromise. In this talk Jussi and Lukas, both maintainers of the TUF reference implementation and core contributors to the TUF specification, will show why content delivery is such a crucial part of the supply chain, how TUF can be used to protect it, and where TUF is already used in practice. They will talk about how the TUF ecosystem is evolving: what is happening within the various subprojects and how some well-known adoptions and integration projects are proceeding. Finally, some interesting future developments are discussed.
Authors: Andrew Martin
2021-10-13

tldr - powered by Generative AI

The presentation discusses the importance of securing Kubernetes systems and the need for reproducibility of artifacts in detecting compromised building structures.
  • Attacks on crypto wallets are currently a major target of cyber attacks
  • Attackers can hide malicious code in production code and use it to create a reverse shell to gain access to the infrastructure
  • Reproducibility of artifacts is important in detecting compromised building structures
  • The software factory should be able to build itself and recover from disaster
  • The evidence lake becomes a comparative place where we can detect signals of compromise