In-toto - Providing Farm-to-Table Guarantees for Bits and Bytes

Explore a comprehensive security framework designed to protect the software supply chain in this 21-minute conference talk from USENIX Security '19. Learn about in-toto, a system that provides cryptographic guarantees for the integrity of software from development to deployment. Discover how in-toto addresses vulnerabilities in the complex software development process, involving multiple actors and stages. Examine the framework's effectiveness through 30 real-world supply chain compromise cases that impacted hundreds of millions of users. Gain insights into in-toto's applications across cloud-native, hybrid-cloud, and cloud-agnostic environments. Understand how this framework is integrated into widely-used products and open-source projects, enhancing security for millions of daily users.

Introduction
Software supply chain
principles
no threat model
integrations