Project Trebuchet - How SolarWinds is Using Open Source to Secure Their Supply Chain in the Wake of the Sunburst Hack

Explore the aftermath of the SolarWinds Sunburst hack in this 37-minute keynote presentation from KubeCon + CloudNativeCon Europe 2022. Discover how SolarWinds is leveraging open-source technologies to fortify their supply chain security through Project Trebuchet. Gain insights into the anatomy of supply chain attacks, the challenges faced in implementing robust security measures, and the innovative solutions being developed. Learn about the Golden Rule approach, the Trebuchet development experience, and key components such as provenance, InToto, consensus validation clusters, and vulnerability analysis. Understand the complexities of rebuilding trust and security in the wake of a sophisticated nation-state attack, and explore the potential of CNCF and CDF projects in creating resilient build systems for the future.

Intro
What is a Supply Chain Attack
Project Trebuchet
The Golden Rule
Why it wont work
Trebuchet Dev Experience
Trebuchet GitHub
Provenance
InToto
Consensus
Validation Cluster
Vulnerability Analysis
Conclusion
Questions