Project Trebuchet - How SolarWinds is Using Open Source to Secure Their Supply Chain in the Wake of the Sunburst Hack
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the aftermath of the SolarWinds Sunburst hack in this 37-minute keynote presentation from KubeCon + CloudNativeCon Europe 2022. Discover how SolarWinds is leveraging open-source technologies to fortify their supply chain security through Project Trebuchet. Gain insights into the anatomy of supply chain attacks, the challenges faced in implementing robust security measures, and the innovative solutions being developed. Learn about the Golden Rule approach, the Trebuchet development experience, and key components such as provenance, InToto, consensus validation clusters, and vulnerability analysis. Understand the complexities of rebuilding trust and security in the wake of a sophisticated nation-state attack, and explore the potential of CNCF and CDF projects in creating resilient build systems for the future.
Syllabus
Intro
What is a Supply Chain Attack
Project Trebuchet
The Golden Rule
Why it wont work
Trebuchet Dev Experience
Trebuchet GitHub
Provenance
InToto
Consensus
Validation Cluster
Vulnerability Analysis
Conclusion
Questions
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Introduction to Agile Software Development: Tools & TechniquesUniversity of California, Berkeley via edX Advanced Topics and Techniques in Agile Software Development
University of California, Berkeley via edX The Data Scientist’s Toolbox
Johns Hopkins University via Coursera How to Use Git and GitHub
Udacity Desarrollo de Videojuegos 3D en Unity: Una Introducción
Universidad de los Andes via Coursera