Loading…
June 26-27, 2024 | Seattle, WA
View More Details | Registration Information

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2024 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Daylight Time (PDT), UTC -7. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

The schedule is subject to change.
← Back to schedule
Is the Internet on Fire? Strategies for Mitigating Open Source Software Vulnerabilities - Andrew Martin, ControlPlane & Michael Lieberman, Kusari
Thursday June 27, 2024 3:50pm - 4:25pm PDT
433
Open source is deployed everywhere, but is no longer trusted by default. Supply chain attacks via package registries, GitHub, and various accidental and entirely understandable vulnerabilities have proven that nothing is entirely secure. What tools do we have at our disposal to defend ourselves? From examining SBOMs and source code, open source ingestion techniques and signing, to assured open source programs, traditional defence in depth measures, and the emerging next generation of security controls — this talk examines the open source security landscape and the tools, patterns, and practices we have available to defend ourselves. We dive deep into: - The safety and sanctity of open source software ingested from GitHub and package managers - The value of SBOMs and assured software throughout the build, ingestion, and runtime phases - Incident response with open source security tools - Designing systems beyond zero trust for compromise resilience and assumed breach
Speakers
avatar for Andrew Martin

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →
avatar for Michael Lieberman

Michael Lieberman

CTO, Kusari
Michael Lieberman is a technologist focused on IT transformations. Mostly recently he has been focused on work within the software supply chain security space. He is an OpenSSF SLSA steering committee member, and tech lead for the CNCF Security Technical Advisory Group (STAG). He... Read More →
Thursday June 27, 2024 3:50pm - 4:25pm PDT
433
  Supply Chains + Containers + Application Security
Feedback form is now closed.

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link