Reflections on Trust in the Software Supply Chain

This talk delves into the current state of software supply chain security and the challenges organizations face in ensuring the security and trustworthiness of their software.

The current efforts to secure the software supply chain, including Supply-chain Levels for Software Artifacts (SLSA), Software Bill of Materials (SBOM), code signing, and the security of the build tool chain, will be critically evaluated. While many of these efforts are key to securing the software supply chain - a demonstration will highlight how …

artifacts bill challenges code code signing current materials organizations sbom security signing slsa software software bill of materials software supply chain software supply chain security state supply supply chain supply chain security trust trustworthiness