Securing the Software Supply Chain: From Threats to Best Practices
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore the critical aspects of securing the software supply chain in this comprehensive 59-minute fireside chat sponsored by Cloudsmith. Gain insights from industry experts as they delve into the history of supply chain security threats, security development, and deployment strategies. Learn about various types of attacks, including availability issues, dependency vulnerabilities, and development tool exploits. Discover ongoing open-source projects and initiatives addressing software supply chain security needs. Understand the challenges and considerations in tackling this complex problem. Explore Cloudsmith and ChainGuard's contributions to simplifying these issues and learn actionable steps for individuals and organizations to enhance software supply chain security. Dive into topics such as Software Bill of Materials, Executive Order 14028, provenance, open-source security, and best practices for building trust and implementing security by default.
Syllabus
Intro
Agenda
Introductions
About Cloudsmith
About Chain Guard
SolarWinds Attack
What is Software Supply Chain
Software Build Materials
Executive Order 14028
Provenance
Open Source
Trust
Security by default
Security attacks
Lets Encrypt
Cosine
Open source momentum
Shared ecosystem of providence
Meeting users where they are
Conclusion
The Challenge
Cosine and Salsa
Best Practices
Taught by
Linux Foundation
Tags
Related Courses
GitHub Supply Chain Security Using GitGatLinux Foundation via edX Introduction to Security Principles in Cloud Computing
Google via Google Cloud Skills Boost DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight Hardening Your Soft Software Supply Chain
Pluralsight Secure Software Supply Chain: Using Cloud Build & Cloud Deploy to Deploy Containerized Applications
Google via Google Cloud Skills Boost