Session Name: A Different Kind of S3: First Line Security of the Supply Chain
This past year we learned the hard way that your software supply chain is only as secure as its weakest link, from SolarWinds to Codecov to Log4j. Your third-party and open-source packages and imports are only one compromised dependency or unpatched vulnerability away from compromising your entire production operation. In this talk we'll focus on three core areas of securing the supply chain, through an easy mnemonic we call the three S's: Software Bill of Materials (SBOM), Signing, and Slimming. By first identifying your inventory, you know what you need to secure; you can then sign and verify your packages so that every artifact carries a verifiable, tamper-evident identity; and finally, by slimming away what you don't actually run, you minimize the attack surface. We'll walk through practical ways to apply these methods to your software supply chain as first-line security controls.
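The three steps above in miniature, as an added example (not the speaker's or Slim.AI's code): parse a CycloneDX-style SBOM into an inventory, verify that inventory against a signed manifest produced at build time, and report the components a runtime profile shows are never used. The SBOM, the runtime profile and the signing key are all constructed inline so the script runs offline; the HMAC "signature" is a stand-in for a real artifact signature (Sigstore/cosign would use asymmetric keys and a transparency log), and the purls are illustrative.

```python
"""Three S's pipeline in miniature: SBOM -> Signing -> Slimming (added example)."""
import hashlib
import hmac
import json

# Constructed CycloneDX-style SBOM (a small subset of the real schema) for one image.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
         "hashes": [{"alg": "SHA-256", "content": "aa" * 32}]},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "hashes": [{"alg": "SHA-256", "content": "bb" * 32}]},
        {"type": "application", "name": "curl", "version": "8.5.0",
         "purl": "pkg:deb/debian/curl@8.5.0",
         "hashes": [{"alg": "SHA-256", "content": "cc" * 32}]},
    ],
})

# Constructed runtime profile: purls observed loaded/executed while the workload ran.
RUNTIME_PROFILE = {
    "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
    "pkg:pypi/requests@2.31.0",
}

# Hypothetical symmetric key so the example runs offline. Real artifact signing
# (e.g. Sigstore/cosign) uses asymmetric keys; HMAC stands in for that here.
SIGNING_KEY = b"example-key-do-not-use"


def canonical(obj) -> bytes:
    """Deterministic JSON encoding so the signature covers exactly one byte string."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def load_inventory(sbom_json: str) -> dict:
    """S1, SBOM: map each component purl to its SHA-256 digest (None if absent)."""
    bom = json.loads(sbom_json)
    inventory = {}
    for comp in bom.get("components", []):
        digest = next((h["content"].lower() for h in comp.get("hashes", [])
                       if h.get("alg") == "SHA-256"), None)
        inventory[comp["purl"]] = digest
    return inventory


def sign_manifest(digests: dict, key: bytes = SIGNING_KEY) -> dict:
    """S2, Signing (build side): bind the purl->digest map to a signature."""
    sig = hmac.new(key, canonical(digests), hashlib.sha256).hexdigest()
    return {"payload": digests, "signature": sig}


def verify_manifest(manifest: dict, key: bytes = SIGNING_KEY) -> dict:
    """S2, Signing (deploy side): refuse any manifest whose signature does not check."""
    expected = hmac.new(key, canonical(manifest["payload"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["signature"]):
        raise ValueError("manifest signature invalid; artifact may have been tampered with")
    return manifest["payload"]


def check_inventory(inventory: dict, trusted: dict) -> dict:
    """Compare what is in the image (SBOM) with what the trusted builder signed."""
    report = {"verified": [], "mismatch": [], "unsigned": []}
    for purl, digest in inventory.items():
        if purl not in trusted:
            report["unsigned"].append(purl)      # present but nobody vouched for it
        elif digest != trusted[purl]:
            report["mismatch"].append(purl)      # signed, but the bits changed since
        else:
            report["verified"].append(purl)
    return report


def slim(inventory: dict, runtime_profile: set) -> list:
    """S3, Slimming: components never touched at runtime are candidates for removal."""
    return sorted(purl for purl in inventory if purl not in runtime_profile)


def run_pipeline(sbom_json: str = SBOM_JSON, runtime_profile: set = RUNTIME_PROFILE) -> dict:
    inventory = load_inventory(sbom_json)       # S1: know what you ship
    manifest = sign_manifest(inventory)         # produced by the trusted builder
    trusted = verify_manifest(manifest)         # S2: checked before deploy
    report = check_inventory(inventory, trusted)
    report["removable"] = slim(inventory, runtime_profile)  # S3: shrink to what runs
    return report


if __name__ == "__main__":
    print(json.dumps(run_pipeline(), indent=2))
```

The interesting failure modes are in `check_inventory` and `verify_manifest`: a component with no entry in the signed manifest is reported as `unsigned` rather than silently accepted, a component whose digest drifted from what was signed is reported as `mismatch`, and a manifest whose payload was edited after signing is rejected outright. Slimming is deliberately last: you want to remove unused components from a verified inventory, not from one you never checked.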
Pieter van Noordennen is the Senior Director of Growth at Slim.AI, a startup focused on creating better developer experiences for cloud-native application development. Prior to joining Slim.AI, he led product and platform teams at Tripadvisor, building and shipping innovative, machine-learning-driven applications in high-availability, microservices-driven environments.