YoVDO

Whose Sign Is It Anyway?

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Conference Talks Courses Cybersecurity Courses Software Supply Chain Security Courses PyPi Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the intricacies of code signing and digital signatures in this thought-provoking conference talk. Delve into the security foundations of software supply chains, questioning the assumptions behind digital signatures and their role in ensuring software integrity. Examine policy choices surrounding key handling, signature validity, and the concept of digital identity. Learn about real-world applications through case studies of The Update Framework (TUF), Uptane, PyPI, and Notary v2. Gain insights into key hygiene practices and the limitations of digital signatures. Challenge your understanding of cryptographic trust and leave with a deeper appreciation for the complexities of secure software distribution.

Syllabus

Intro
The issue on the table
A link to the past
Put a lock on it?
Signing: the reality
The ties that cryptographically bind
Keys and identity
Key hygiene
oh no
Review: I'm a signature , not a cop
The Update Framework (TUF)
Case study: Uptane
Case study: PyPI & PEP 480
Case study: Notary v2
Takeaways
Questions?


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Building Geospatial Apps on Postgres, PostGIS, & Citus at Large Scale
Microsoft via YouTube
Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube
Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube
What's New in Grails 2.0
ChariotSolutions via YouTube
Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube