Session: Reflections on Supply Chain Trust: the Software Factory

The original supply chain attack was described in Reflections on Trusting Trust 35 years ago. As attacks from SUNBURST to REvil abuse the same implicit trust relationship between consumers and vendors today, we ask ourselves: does cloud native have the answer?

We live demo supply chain compromises against containers and open source software, then detail a Kubernetes Software Factory approach, based on work from the US Air Force and DoD, to sign, seal, and deliver potentially hostile code safely to production.

In this talk we:

  • Demo assorted supply chain attacks against cloud native systems
  • Showcase work to build a Kubernetes Software Factory with Tekton
  • Deep dive on signing and verification approaches to securely build software with in-toto, TUF, SPIFFE, SPIRE, and sigstore
  • Detail future cloud native solutions to harden Kubernetes, builds, and infrastructure

Presenters:

Andrew Martin

ALL THINGS OPEN 2022

We're celebrating 10 years of All Things Open next October 30-November 2, and we kindly request you save the date and join us.

Save the Date

2021 EVENT SUMMARY

Nearly 5,000 registered for both the virtual and in-person format.

Event Summary

THANK YOU 2021 SPONSORS

Our sponsors help us make the event possible, and we were thrilled to partner with incredible companies and organizations in 2021.

2021 Sponsors