CERIAS <webmaster@cerias.purdue.edu>

Santiago Torres-Arias, "Practical software Supply Chain Security and Transparency"

The software development process, or software supply chain, is quite complex and involves a number of independent actors. This ever-growing complexity has led to various software supply chain compromises: from XCodeGhost injecting malware into millions of apps, to the highly publicized SolarWinds compromise. In this talk, Santiago will introduce various research challenges, as well as attempts from both Open Source and Industry --- such as SigStore, CoSign and in-toto --- to protect millions of users across the globe.
