Authors: Doug Davis
2022-10-27

Since CloudEvents v1.0 was released, the project has been focused on what other eventing-related pain points might benefit from some standardization. In this session, after a quick recap of the CloudEvents specification itself, we'll discuss how we're trying to ease the challenges associated with the remaining portion of the lifecycle of event management, in particular around discovery of event producers, setting up subscriptions and event verification, all in a programmatic and interoperable fashion.

Authors: Justin Cappos, Marina Moore
2022-10-27

Description: As supply chain security has garnered a lot of attention recently, software signing and verification has emerged as a vital step in the process of distributing software. However, a signature alone is insufficient for ensuring the security of a software artifact. Come learn about The Update Framework (TUF), the technology used by sigstore, Notary, Google Fuchsia, and more to not only sign software, but determine which keys should be used and prevent known attacks on software update systems. We will give an overview of TUF that describes its security features and how it has been integrated into fields as diverse as container registries and automobiles. We will also discuss new features we are working on to better support secure software distribution at scale, usability, and some emerging uses of TUF.

Authors: Jake Sanders, Andres Vega
2022-10-26

tldr - powered by Generative AI

The presentation discusses the importance of securing software supply chains and introduces SPIFFE and SPIRE as solutions. It also highlights the intersection of SPIFFE and SPIRE with Project Sigstore.
  • Software supply chains are vulnerable to attacks and require secure solutions
  • SPIFFE and SPIRE provide a secure identity framework for managing the lifecycle of identity and reducing the likelihood of breaches
  • SPIFFE and SPIRE create an identity control plane and abstraction that simplifies high-velocity PKI and roll binding
  • Project Sigstore intersects with SPIFFE and SPIRE by providing a secure and scalable platform for storing and sharing software artifacts