Securing Software Supply Chains Using the SLSA Framework

Explore software supply chain security through the SLSA (Supply-chain Levels for Architects) framework in this 20-minute DevSecCon talk. Learn practical, vendor-neutral strategies to enhance the resilience of your software supply chain, addressing critical issues like Log4j and SolarWinds incidents. Dive into key SLSA areas, including code security, build process protection, provenance, and secure deployment, to create a more robust software development lifecycle. Gain insights into typical security practices and gradual improvement plans for each major area. Benefit from speaker Kaif Ahsan's expertise as a Product Security Engineer at Atlassian, combining his background in software development and cybersecurity. Ideal for professionals in defensive cybersecurity roles and those aiming to deliver more secure software and services.

Securing our Software Supply Chains using the SLSA Framework - Kaif Ahsan