Aug 25, 2023 (Fri), 05:30 PM – 06:25 PM IST
Oct 6, 2023 (Fri), 05:30 PM – 06:30 PM IST
17:30–18:25
Practical SLSA for Developers and Application Security Professionals
Sastry Tumuluri, Operations Director at NotSoSecure
17:30–18:30
SLSA in Action Against Unauthorized Modifications to Source Code
Sastry Tumuluri and Zadeek Ummer, NotSoSecure
Hosted by
Sastry Tumuluri, Operations Director at NotSoSecure
Aug 25, 2023, 5:30 PM–6:25 PM
Software supply chain integrity has been a hot topic for a few years now. Yet 99% of AppSec professionals stop at basic SBOM/SCA activities and call it done. Clearly, that is not enough. SLSA, despite being around for 2+ years, is yet to find widespread awareness, let alone adoption.
This session will introduce the ideas and concepts behind SLSA - discussing why it is needed, what problems it solves at each “level” and how.
There is adequate tooling/support for SLSA use on popular platforms. Using this tooling, the session will show how to generate SLSA provenance and how this may be used by “consumers” of the software artifacts, to ascertain the trustworthiness/integrity of those artifacts.
This will be a practical-approach session, not an academic dissertation on SLSA and its specification/documentation.