Everything’s Valid in Code & War: Attacks on the Software Supply Chain – Santiago Torres Arias – PSW #776




Santiago Torres Arias
Assistant Professor at Purdue University

Santiago is an Assistant Professor at Purdue’s Electrical and Computer Engineering Department. His interests include binary analysis, cryptography, distributed systems, and security-oriented software engineering. His current research focuses on securing the software development lifecycle, cloud security, and update systems. Santiago is a member of the Arch Linux security team and has contributed patches to F/OSS projects of varying scale, including Git, the Linux Kernel, Reproducible Builds, NeoMutt, and the Briar project. Santiago is also a maintainer of The Update Framework (TUF), a Cloud Native Computing Foundation project, as well as the lead of the in-toto and Sigstore projects.


Principal Security Evangelist at Eclypsium
Product Security Research and Analysis Director at Finite State
Brainstem Hacker and InfoSec Enthusiast at Redacted
Founder at Infosec Decoded, Inc.
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element