YoVDO

In-toto - Providing Farm-to-Table Guarantees for Bits and Bytes

Offered By: USENIX via YouTube

Tags

USENIX Security Courses Cryptography Courses Risk Mitigation Courses Software Supply Chain Security Courses

Course Description

Overview

Explore a comprehensive security framework designed to protect the software supply chain in this 21-minute conference talk from USENIX Security '19. Learn about in-toto, a system that provides cryptographic guarantees for the integrity of software from development to deployment. Discover how in-toto addresses vulnerabilities in the complex software development process, involving multiple actors and stages. Examine the framework's effectiveness through 30 real-world supply chain compromise cases that impacted hundreds of millions of users. Gain insights into in-toto's applications across cloud-native, hybrid-cloud, and cloud-agnostic environments. Understand how this framework is integrated into widely-used products and open-source projects, enhancing security for millions of daily users.

Syllabus

Introduction
Software supply chain
principles
no threat model
integrations


Taught by

USENIX

Related Courses

Hardening Your Soft Software Supply Chain
Pluralsight
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight
Securing Your Software Supply Chain with Sigstore
Linux Foundation via edX
GitHub Supply Chain Security Using GitGat
Linux Foundation via edX
Kyverno - Deep Dive - Tech Talks
Mirantis via YouTube