Everything’s Valid in Code & War: Attacks on the Software Supply Chain – Santiago Torres Arias – PSW #776
Software supply chain attacks, those in which hackers target the "water supply" of software are on the rise. This makes software developers everywhere valid targets. We will discuss the developer perspective on software supply chain attacks.
Segment Resources: https://in-toto.io https://sigstore.dev
Announcements
We’d like to invite our listeners to be part of our 2023 SC Awards!
Our prestigious and competitive SC Awards program recognizes outstanding innovations, organizations, and leaders that are advancing the practice of information security. This year, there are awards in 36 categories up for grabs, including best IT security-related training program, innovator of the year, best SASE solution, and more. We’d love to see your company in the spotlight!
Visit securityweekly.com/scawards to submit your entries by March 20!
Guest
Santiago is an Assistant Professor at Purdue’s Electrical and Computer Engineering Department. His interests include binary analysis, cryptography, distributed systems, and security-oriented software engineering. His current research focuses on securing the software development lifecycle, cloud security, and update systems. Santiago is a member of the Arch Linux security team and has contributed patches to F/OSS projects on various degrees of scale, including Git, the Linux Kernel, Reproducible Builds, NeoMutt, and the Briar project. Santiago is also a maintainer for Cloud Native Computing Foundation’s project The Update Framework (TUF) as well as the lead of the in-toto and Sigstore projects.
Hosts
