Authors: Steve Judd
2022-10-25

tldr - powered by Generative AI

The importance of understanding and assuring the trustworthiness of external dependencies in software applications
  • Modern software components contain a selection of external dependencies whose provenance is unknown
  • Assuring the trustworthiness of dependencies is often ignored by organizations and their engineering teams
  • Efficient, automated pipelines can be used to audit dependencies for vulnerabilities and license obligations, assess them against the organization’s security policies, and ultimately provide the ability to control which dependencies can be used and deployed within the organization

Authors: Ed Warnicke, Aeva Black
2022-06-21

tldr - powered by Generative AI

The presentation discusses the need for simplicity in addressing supply chain security in open source software communities. The speaker proposes the use of a canonical, unique, and immutable identity for software artifacts to simplify the problem space.
  • Software artifacts can be represented as an array of bytes and should have a unique, canonical, and immutable identity
  • Identity should be based on the byte array representation of the artifact
  • File names, locations, and URLs are not suitable for identity
  • Simplifying the problem space requires a change in perspective
  • Focusing on simplicity leads to reliability, performance, and security