Authors: Brandon Lum, Parth Patel
2022-06-21

tldr - powered by Generative AI

The presentation discusses the challenges of locking down provenance metadata fields in Tekton and proposes a solution that uses SPIFFE/SPIRE for strong attestation and verification.
  • Tekton users have direct access to TaskRun objects and their metadata fields, which makes it difficult to lock down the provenance metadata fields
  • Different parts of a Kubernetes cluster are managed by different entities, which makes it challenging to restrict access to metadata fields
  • The TaskRun object therefore becomes a main attack point for malicious actors
  • The proposed solution defines a trusted computing base (TCB) and restricts writes to the protected metadata fields to that TCB
  • SPIFFE/SPIRE provides strong workload attestation and identity verification for the components of the trusted computing base
  • Future work includes extending the solution to other custom resources and validating the artifacts passed between tasks
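The write restriction described above can be illustrated as an admission-style check: a TaskRun update or create is allowed to touch provenance-bearing fields only if the caller's SPIFFE ID belongs to the trusted computing base. This is an added example, not code from the talk or from Tekton; the field paths, SPIFFE IDs and the sample TaskRun are assumptions chosen for illustration.

```python
"""Hypothetical admission check for Tekton TaskRun objects (added example).

Users may edit TaskRun objects directly, so fields that carry provenance
must only be writable by the trusted computing base (TCB), whose identity
is attested by SPIFFE/SPIRE. The SPIFFE IDs, the protected field paths and
the sample object below are assumptions for illustration, not Tekton's API.
"""
import copy
from typing import Any, Dict, List, Optional, Tuple

# Assumed SPIFFE IDs of the workloads that make up the TCB (illustrative).
TCB_SPIFFE_IDS = {
    "spiffe://example.org/ns/tekton-pipelines/sa/tekton-pipelines-controller",
    "spiffe://example.org/ns/tekton-chains/sa/tekton-chains-controller",
}

# Key paths of fields that carry provenance and must be locked down. Paths are
# tuples because annotation keys such as "chains.tekton.dev/signed" contain dots.
PROTECTED_PATHS: Tuple[Tuple[str, ...], ...] = (
    ("metadata", "annotations", "chains.tekton.dev/signed"),
    ("status", "taskResults"),
    ("status", "provenance"),
)

# Constructed sample TaskRun as a user would submit it (no status yet).
BASE_TASKRUN: Dict[str, Any] = {
    "apiVersion": "tekton.dev/v1",
    "kind": "TaskRun",
    "metadata": {"name": "build-abc", "namespace": "ci", "annotations": {}},
    "spec": {"taskRef": {"name": "build"}},
    "status": {},
}


def _get(obj: Optional[Dict[str, Any]], path: Tuple[str, ...]) -> Any:
    """Walk a nested dict along `path`; None if any key is absent."""
    cur: Any = obj or {}
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def with_field(obj: Dict[str, Any], path: Tuple[str, ...], value: Any) -> Dict[str, Any]:
    """Return a deep copy of `obj` with the field at `path` set (creating parents)."""
    new = copy.deepcopy(obj)
    cur = new
    for key in path[:-1]:
        cur = cur.setdefault(key, {})
    cur[path[-1]] = value
    return new


def changed_protected_fields(old: Optional[Dict[str, Any]], new: Dict[str, Any]) -> List[str]:
    """Protected fields whose value differs between old and new (old=None for CREATE)."""
    return ["/".join(p) for p in PROTECTED_PATHS if _get(old, p) != _get(new, p)]


def admit_taskrun(old: Optional[Dict[str, Any]], new: Dict[str, Any],
                  requester_spiffe_id: str) -> Tuple[bool, str]:
    """Decide whether `requester_spiffe_id` may persist `new` in place of `old`.

    Any write that changes a protected field must come from a TCB identity;
    everything else (labels, spec edits by the pipeline author) is allowed.
    """
    changed = changed_protected_fields(old, new)
    if not changed:
        return True, "no protected field changed"
    if requester_spiffe_id in TCB_SPIFFE_IDS:
        return True, f"TCB identity {requester_spiffe_id} wrote {changed}"
    return False, f"{requester_spiffe_id} attempted to write protected field(s) {changed}"


if __name__ == "__main__":
    user = "spiffe://example.org/ns/ci/sa/developer"
    forged = with_field(BASE_TASKRUN, ("status", "taskResults"),
                        [{"name": "IMAGE_DIGEST", "value": "sha256:deadbeef"}])
    print(admit_taskrun(BASE_TASKRUN, forged, user))   # denied: user forging results
    print(admit_taskrun(None, forged, user))           # denied: pre-filled on CREATE
```

The CREATE case matters as much as UPDATE: a TaskRun submitted with a pre-filled status or signing annotation must be rejected too, which is why `old` may be `None`.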
Authors: Daniel Nebenzahl
2022-06-21

tldr - powered by Generative AI

The presentation discusses implementing the SLSA (Supply-chain Levels for Software Artifacts) framework and the challenges of complying with its requirements.
  • SLSA is an emerging framework that puts many requirements on the table for a supply chain security implementation
  • A purely compliance-driven implementation of the framework may deliver minimal value, and negotiation with suppliers is necessary
  • Provenance documents can be built from build-system APIs and log files, which avoids having to open up and instrument every pipeline
  • SLSA level 3 promises better protection against threats originating from developer workstations and adjacent build systems
  • Strongly authenticated actors and indefinite retention of sources are challenging requirements to comply with
  • The SLSA framework provides solutions, but they are hard to implement and may result in loss of accreditation
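The point about assembling provenance from APIs and log files, and the later point about strongly authenticated actors and pinned materials, can be shown together: the block below builds a SLSA v0.2 provenance statement (in-toto Statement format) from a constructed build-service API record and constructed key=value build-log lines, then reports which of the provenance requirements the result still fails. This is an added example, not code from the talk; the log format, the `environment` fields, the build-type URI and all digests are constructed for illustration.

```python
"""Added example: assemble a SLSA v0.2 provenance statement from a CI job API
record plus build-log lines, then check it against the fields SLSA's
provenance requirements need (identified builder, pinned config source,
digests for subject and materials, authenticated trigger).

The job record, log format, URIs and digests are constructed for illustration.
"""
import hashlib
import json
import re
from typing import Any, Dict, List

# Constructed record, as a CI system's job API might return it.
JOB_RECORD: Dict[str, Any] = {
    "id": "build-1234",
    "builder_id": "https://ci.example.com/runners/gha-linux-01",
    "triggered_by": "alice@example.com",
    "auth_method": "oidc",  # how the triggering actor authenticated
    "config": {"path": ".ci/build.yaml"},
}

# Constructed digests (hashes of placeholder bytes) so the sample is realistic.
SHA256_REQUESTS = hashlib.sha256(b"constructed: requests 2.28.0 sdist").hexdigest()
SHA256_ARTIFACT = hashlib.sha256(b"constructed: app.tar.gz contents").hexdigest()

# Constructed build-log lines in key=value form. One dependency lacks a digest,
# and the last line belongs to a different job and must be ignored.
LOG_LINES: List[str] = [
    "2022-06-21T10:00:01Z job=build-1234 event=checkout uri=git+https://github.com/example/app "
    "ref=refs/heads/main sha1=3f2a9c1e5b7d4a2f0e1c6b8d9a3e5f7c1b2d4e6f",
    f"2022-06-21T10:00:05Z job=build-1234 event=material uri=pkg:pypi/requests@2.28.0 sha256={SHA256_REQUESTS}",
    "2022-06-21T10:00:06Z job=build-1234 event=material uri=pkg:npm/left-pad@1.3.0",
    f"2022-06-21T10:02:11Z job=build-1234 event=artifact name=app.tar.gz sha256={SHA256_ARTIFACT}",
    "2022-06-21T10:03:00Z job=build-9999 event=artifact name=other.tar.gz sha256=ffff",
]

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Dict[str, str]:
    """Turn 'k=v k=v ...' into a dict; the leading timestamp has no '=' and is skipped."""
    return dict(KV.findall(line))


def build_provenance(job: Dict[str, Any], lines: List[str]) -> Dict[str, Any]:
    """Build an in-toto Statement with a SLSA v0.2 provenance predicate."""
    events = [ev for ev in map(parse_line, lines) if ev.get("job") == job["id"]]
    subjects: List[Dict[str, Any]] = []
    materials: List[Dict[str, Any]] = []
    config_source: Dict[str, Any] = {}
    for ev in events:
        if ev.get("event") == "checkout":
            digest = {"sha1": ev["sha1"]}
            config_source = {"uri": ev["uri"], "digest": digest, "entryPoint": job["config"]["path"]}
            materials.append({"uri": ev["uri"], "digest": digest})
        elif ev.get("event") == "material":
            materials.append({"uri": ev["uri"],
                              "digest": ({"sha256": ev["sha256"]} if "sha256" in ev else {})})
        elif ev.get("event") == "artifact":
            subjects.append({"name": ev["name"], "digest": {"sha256": ev["sha256"]}})
    return {
        "_type": "https://in-toto.io/Statement/v0.1",
        "subject": subjects,
        "predicateType": "https://slsa.dev/provenance/v0.2",
        "predicate": {
            "builder": {"id": job["builder_id"]},
            "buildType": "https://ci.example.com/build-types/generic@v1",  # constructed
            "invocation": {
                "configSource": config_source,
                # `environment` is free-form in v0.2; these keys are constructed.
                "environment": {"triggered_by": job["triggered_by"], "auth": job["auth_method"]},
            },
            "materials": materials,
        },
    }


def check_provenance(stmt: Dict[str, Any]) -> List[str]:
    """Findings against SLSA's provenance requirements; an empty list means none."""
    findings: List[str] = []
    pred = stmt.get("predicate", {})
    if not stmt.get("subject"):
        findings.append("no subject: the built artifact is not identified")
    for s in stmt.get("subject", []):
        if not s.get("digest", {}).get("sha256"):
            findings.append(f"subject {s.get('name')} has no sha256 digest")
    if not pred.get("builder", {}).get("id"):
        findings.append("builder.id missing: cannot tie provenance to a trusted builder")
    if not pred.get("invocation", {}).get("configSource", {}).get("digest"):
        findings.append("configSource has no digest: build configuration is not pinned")
    for m in pred.get("materials", []):
        if not m.get("digest"):
            findings.append(f"material {m['uri']} has no digest: dependency is not pinned")
    if pred.get("invocation", {}).get("environment", {}).get("auth") not in ("oidc", "mtls"):
        findings.append("build trigger was not strongly authenticated")
    return findings


if __name__ == "__main__":
    statement = build_provenance(JOB_RECORD, LOG_LINES)
    print(json.dumps(statement, indent=2))
    for f in check_provenance(statement):
        print("FINDING:", f)
```

Running it prints the statement and one finding, the unpinned `left-pad` material, which is exactly the kind of gap that shows up when provenance is reconstructed from logs rather than emitted by an instrumented build: the log recorded the dependency but not its digest.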
Authors: Josh Bressers
2022-06-21

tldr - powered by Generative AI

The presentation discusses the importance of understanding the order of steps in software supply chain security and of prioritizing solutions based on the problem at hand.
  • Understanding the order of steps in securing the supply chain is crucial to addressing problems effectively
  • Prioritizing solutions based on the problem at hand is more effective than blindly implementing solutions
  • The speaker shares an anecdote about the challenges of vulnerability scanning and the importance of building a vulnerability management system
  • The speaker emphasizes the importance of having an SBOM (software bill of materials) as the foundation of supply chain security