Reflections on Trust in the Software Supply Chain
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the critical landscape of software supply chain security in this 45-minute OWASP 2023 Global AppSec DC conference talk. Examine the current state and challenges organizations face in ensuring software security and trustworthiness. Evaluate ongoing efforts such as Supply-chain Levels for Software Artifacts (SLSA), Software Bill of Materials (SBOM), code signing, and build tool chain security. Witness a demonstration exposing potential security theater in some current initiatives. Conclude with an insightful discussion on binary-source validation as a promising solution for enhancing software supply chain security. Gain valuable insights from Jeremy Long, Principal Security Engineer at ServiceNow and founder of the OWASP dependency-check project, as he shares his expertise in security automation and secure development processes.
Syllabus
Reflections on Trust in the Software Supply Chain
Taught by
OWASP Foundation
Related Courses
Ketchup, Mustard, and Relish of Software Supply Chain Security - Panel DiscussionLinux Foundation via YouTube SLSA in Action: Securing the Software Supply Chain
Linux Foundation via YouTube Securing Your Supply Chain by Building with FRSCA
Linux Foundation via YouTube Open Tools for Secure Supply Chains in Kubernetes - From Release Engineering
Linux Foundation via YouTube Google SLSA and NIST SSDF - Emerging Software Supply Chain Security Best Practices
Linux Foundation via YouTube