In-toto - Providing Farm-to-Table Guarantees for Bits and Bytes
Offered By: USENIX via YouTube
Course Description
Overview
Explore a comprehensive security framework designed to protect the software supply chain in this 21-minute conference talk from USENIX Security '19. Learn about in-toto, a system that provides cryptographic guarantees for the integrity of software from development to deployment. Discover how in-toto addresses vulnerabilities in the complex software development process, which involves multiple actors and stages. Examine the framework's effectiveness through 30 real-world supply chain compromise cases that impacted hundreds of millions of users. Gain insights into in-toto's applications across cloud-native, hybrid-cloud, and cloud-agnostic environments. Understand how this framework is integrated into widely used products and open-source projects, enhancing security for millions of daily users.
Syllabus
Introduction
Software supply chain
Principles
No threat model
Integrations
Taught by
USENIX
Related Courses
Hardening Your Soft Software Supply Chain (Pluralsight)
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub (Pluralsight)
Securing Your Software Supply Chain with Sigstore (Linux Foundation via edX)
GitHub Supply Chain Security Using GitGat (Linux Foundation via edX)
Kyverno - Deep Dive - Tech Talks (Mirantis via YouTube)