June 26-27, 2024 | Seattle, WA

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2024 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

The schedule is subject to change.
Thursday June 27, 2024 11:50am - 12:25pm PDT
445
In this talk, we will discuss a new proposed standard for creating behavioral fingerprints of open source images at runtime. In cloud native security, software supply chain security has focused almost exclusively on what happens before a container's deployment: SBOMs, SCA, CVEs, image signing and more. But the most well-known software supply chain attack, SolarWinds, was not a CVE. Their software was tampered with in the CI/CD process, and then released to customers. What if a company could create a cryptographically verified runtime behavioral fingerprint? It would be the ultimate software supply chain verification, and would have stopped the SolarWinds attack. In this talk, we will discuss the decision points for the new standard, in terms of what should be included in or excluded from the fingerprint and why, using different open source images like nginx or apache as examples.
Speakers
Jimmy Mesta

CTO and Co-Founder, RAD Security
Jimmy Mesta is the founder and Chief Technology Officer at RAD Security. He is responsible for the technological vision for the RAD Security platform. A veteran security engineering leader focused on building cloud-native security solutions, Jimmy has held various leadership positions...
  Supply Chains + Containers + Application Security
  • Content Experience Level Beginner
  • Presentation Slides Attached Yes