Tuesday, November 19 • 10:55am - 11:30am
Securing the Software Supply Chain with in-toto - Santiago Torres-Arias & Justin Cappos, NYU

The cloud native ecosystem and tooling allow for rapid development and delivery of applications using various services in different configurations in highly automated software supply chains. Unfortunately, this supply chain has become an attractive target for attacks. An attacker who compromises any of the steps of the supply chain, compromises a dependency, or alters the product in transit can affect all users at once, with devastating consequences.

In this talk, we will discuss the current integrations of in-toto in the cloud/container space. In addition, we will cover the existing in-toto toolchains and how they can be used in various scenarios, from supply CI systems like Jenkins, to providers such as GitLab, and beyond. We will showcase these in different real-world use cases with concrete examples to inspire attendees on how to secure their supply chain.

Santiago Torres

PhD Student, New York University

Justin Cappos

Professor, NYU
Justin Cappos is a professor in the Computer Science and Engineering department at New York University, who strives to provide service to society through technology. Justin's research philosophy focuses on solving real world security problems in practice. He and his students often...

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 23BC - San Diego Convention Center Upper Level