SLSA masterclasses

Context

In today’s digital landscape, software development has become increasingly complex, with multiple layers and dependencies involved in creating and delivering software artifacts. Understanding and effectively managing the supply chain levels for software artifacts has become crucial for organizations to ensure efficient and secure software development practices.

This masterclass series aims to provide participants with comprehensive knowledge and practical insights into the supply chain levels pertaining to software artifacts.
From a high level overview of SLSA framework and requirements to setting up various attestation formats in SLSA and implementing them, getting to SLSA-1, 2, 3 and 4, and meeting “Source” requirements across all levels, each topic will be explored in detail, emphasizing their role in the software development lifecycle. Additionally, the series will delve into key considerations such as software supply chain security threats addressed by SLSA, regulatory compliance made easier, and what to expect in future SLSA upgrades.

Through a combination of expert-led sessions, case studies, and hands-on exercises, participants will gain a deeper understanding of supply chain management practices specific to software artifacts. By the end of the series, participants will be equipped with the necessary skills to optimize software artifact supply chains, enhance productivity, ensure security, and maintain compliance in their software development processes.

Key takeaways for participants

1. Best practices for implementing software supply chain security controls.
2. Techniques and design choices for reducing risk exposure in SDLC caused by use of external software and dependencies.
3. Case studies, practical guidelines, and tried-and-tested experience from been-there, done-that practitioners.

Who should participate

1. Security architects
2. DevSecOps engineers
3. Software developers
4. Threat detection and incident response teams - engineers and analysts.
5. DevOps and config management teams
6. QA & release management teams
7. Companies from different domains with different levels of scale.

Speaking

If you are interested in conducting a masterclass, submit your talk idea here. Arjun BM - editor of the masterclass series - will review your talk idea and give feedback.
Guidelines for speaking are published here.

About the editor

This masterclass series is curated by Arjun BM.
Arjun is Chief Security Architect at Finastra. He is an Information Security expert with two decades of experience in areas like application security, security architecture, and DevSecOps.

Become a Rootconf Member to join

This master class series will be held online. Attendance is open to Rootconf members only. If you have questions about participation, post a comment here.

Sponsorship

Sponsorship slots are open for:

1. Tool providers.
2. Companies seeking tech branding for hiring.
   If you are interested in sponsoring, email sales@hasgeek.com.

Contact information

Join the Rootconf Telegram group at https://t.me/rootconf or follow @rootconf on Twitter.
For inquiries, contact Rootconf at +91-7676332020.