SLSA masterclasses

Empower DevOps to do security


Sas3

@sas3

Practical SLSA for Developers and Application Security Professionals

Submitted Aug 18, 2023

Software supply chain integrity has been a hot topic for a few years now. Yet 99% of AppSec professionals stop at basic SBOM/SCA activities and call it done. Clearly, that is not enough. SLSA, despite being around for 2+ years, is yet to find widespread awareness, let alone adoption.

This session will introduce the ideas and concepts behind SLSA - discussing why it is needed, what problems it solves at each “level” and how.

There is adequate tooling/support for SLSA use on popular platforms. Using this tooling, the session will show how to generate SLSA provenance and how this may be used by “consumers” of the software artifacts, to ascertain the trustworthiness/integrity of those artifacts.

This will be a practical session, not an academic dissertation on SLSA and its specification/documentation.

