How your software sausage is made: current state of software supply chain security

Presented at Canterbury Hacker Camp (2022), Nov. 25, 2022, 7:40 p.m. (Unknown duration)

You know the term "seeing how the sausage is made"? Well, if you could ACTUALLY see how sausages are made, you'd be impressed.

The same is not true for software security. From headline grabbing breaches like solarwinds, Log4j, Codecov to run-of-the-mill vulnerability management, things are in a sad state.

This talk will also cover current proposed mitigations, like SBOM and asset signing and deploy-time checks.

Presenters:

• Sam "Frenchie" Stewart - Upright duck
  Frenchie is far too biased to answer this question, and instead chooses to break the 4th wall. Originally from Batmania, by way of San Secuestro, he is currently a Covid Refugee living in Queenstown. Previously, he was part of the 🤖 🚗 skynet prevention squad as Infrastructure Security Engineering Manager at Cruise. Shipped https://github.com/cruise-automation/k-rail and can often be found tinkering with cloud, cluster & container security things (anything starting with a C, really).

Links:

• https://2022.chcon.nz/speakers/sam/

Similar Presentations:

• May Contain Hackers (MCH2022) / Supply chain security; addressing risk and dependencies issues the right way (with open source!)
• ToorCon San Diego TwentyOne (2019) / Blue Team Set Us Up The SBOM
• Diana Initiative 2022 / Leveraging Software Bill of Material(SBOM) to foster open source software security