Tuesday, November 19 • 10:55am - 11:30am
Securing the Software Supply Chain with in-toto - Santiago Torres-Arias & Justin Cappos, NYU

The cloud native ecosystem and tooling allow for rapid development and delivery of applications using various services in different configurations in highly automated software supply chains. Unfortunately, this supply chain has become an attractive target for attacks. An attacker who compromises any step of the supply chain, compromises a dependency, or alters the product in transit can affect all users at once, with devastating consequences.

In this talk, we will talk about the current integrations of in-toto in the cloud/container space. In addition, we will cover the existing in-toto toolchains and how they can be used in various scenarios, from supply CI systems like Jenkins, to providers such as GitLab, and beyond. We will showcase these in different real-world use cases with concrete examples to inspire attendees on how to secure their supply chain.

Speakers
Santiago Torres-Arias

PhD student, NYU
Open source developer, Arch Linux packager and security team, member of the Reproducible Builds project. I do research on securing the DevOps pipeline and the software supply chain. I'm interested in helping you secure your software supply chain using in-toto.
Justin Cappos

Professor, NYU
Justin Cappos is a professor in the Computer Science and Engineering department at New York University, who strives to provide service to society through technology. Justin's research philosophy focuses on solving real world security problems in practice. He and his students often...


Tuesday November 19, 2019 10:55am - 11:30am
Room 23BC - San Diego Convention Center Upper Level
  • Experience Level Any