Loading…
May 2-4, 2018 - Copenhagen, Denmark
Click Here For Information & Registration
Back To Schedule
Wednesday, May 2 • 11:10 - 11:45
Completely Securing the Software Supply Chain using Grafeas + in-toto - Lukas Puehringer, NYU & Wendy Dembowski, Google (Any Skill Level) (Slides Attached)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
Continuous delivery, a prevalent concept in the cloud native ecosystem, has drastically simplified and accelerated development and deployment of software from its inception to the enduser. Unfortunately, the continuous delivery supply chain has become an attractive target for attacks. An attacker that compromises any of the steps of the supply chain, or alters the product in transit, can target all users at once.

In this talk Wendy Dembowski and Lukas Puehringer will introduce in-toto and grafeas(grafeas.io), a software supply chain security ecosystem to verify the supply chain integrity, authenticity and compliance of any application. The talk will feature real-life examples, such as the target deployments for various popular projects, including Debian, Arch Linux, reproducible builds and Docker.
Speakers
avatar for Wendy Dembowski

Wendy Dembowski

Software Engineer, Google
Wendy is a Senior Staff Software Engineer at Google where she focuses on Cloud CI/CD. She has spoken previously at Kubecon, Dockercon, and Qcon. Wendy is obsessed with dogs, and includes them in her presentations as much as possible.
avatar for Lukas Pühringer

Lukas Pühringer

Researcher / Engineer, NYU Tandon School of Engineering
Lukas Pühringer is a research scholar and software developer at the NYU Center for Cyber Security (CCS), where he leads the development of The Update Framework (TUF), and has been co-maintaining several of Prof. Justin Cappos’ software projects, most notably the supply chain security... Read More →

2018 Kubecon Grafeas in toto pdf
Wednesday May 2, 2018 11:10 - 11:45 CEST
C1-M3
  Security+Identity+Signing, Any