Securing the Software Supply Chain: From Threats to Best Practices

Explore the critical aspects of securing the software supply chain in this comprehensive 59-minute fireside chat sponsored by Cloudsmith. Gain insights from industry experts as they delve into the history of supply chain security threats, security development, and deployment strategies. Learn about various types of attacks, including availability issues, dependency vulnerabilities, and development tool exploits. Discover ongoing open-source projects and initiatives addressing software supply chain security needs. Understand the challenges and considerations in tackling this complex problem. Explore Cloudsmith and ChainGuard's contributions to simplifying these issues and learn actionable steps for individuals and organizations to enhance software supply chain security. Dive into topics such as Software Bill of Materials, Executive Order 14028, provenance, open-source security, and best practices for building trust and implementing security by default.

Intro
Agenda
Introductions
About Cloudsmith
About Chain Guard
SolarWinds Attack
What is Software Supply Chain
Software Build Materials
Executive Order 14028
Provenance
Open Source
Trust
Security by default
Security attacks
Lets Encrypt
Cosine
Open source momentum
Shared ecosystem of providence
Meeting users where they are
Conclusion
The Challenge
Cosine and Salsa
Best Practices