Untrusted Execution - Attacking the Cloud Native Supply Chain

Explore the critical issue of supply chain security in cloud native environments through this 37-minute conference talk by Andrew Martin of ControlPlane. Delve into the complexities of trusting code in production, examining potential vulnerabilities in system supply chains and the challenges posed by malicious actors. Analyze various signing options and their effectiveness in securing different components of the supply chain, from source code and dependencies to CI/CD pipelines and vendor software. Engage in a risk-based threat modeling exercise, compare available open source supply chain security controls, and investigate trusted execution environments. Conclude with a proposed solution for comprehensive end-to-end supply chain security, equipping yourself with valuable insights to enhance the security posture of your cloud native systems.

Untrusted Execution: Attacking the Cloud Native Supply Chain - Andrew Martin, ControlPlane