SLSA masterclasses

Empower DevOps to do security

Context

In today’s digital landscape, software development has become increasingly complex, with multiple layers and dependencies involved in creating and delivering software artifacts. Understanding and effectively managing the supply chain levels for software artifacts has become crucial for organizations to ensure efficient and secure software development practices.

This masterclass series aims to provide participants with comprehensive knowledge and practical insights into the supply chain levels pertaining to software artifacts.
From a high-level overview of the SLSA framework and its requirements, to setting up the various attestation formats in SLSA and implementing them, getting to SLSA-1, 2, 3 and 4, and meeting the “Source” requirements across all levels, each topic will be explored in detail, emphasizing its role in the software development lifecycle. Additionally, the series will delve into key considerations such as the software supply chain security threats addressed by SLSA, how SLSA makes regulatory compliance easier, and what to expect in future SLSA upgrades.

Through a combination of expert-led sessions, case studies, and hands-on exercises, participants will gain a deeper understanding of supply chain management practices specific to software artifacts. By the end of the series, participants will be equipped with the necessary skills to optimize software artifact supply chains, enhance productivity, ensure security, and maintain compliance in their software development processes.

Key takeaways for participants

  1. Best practices for implementing software supply chain security controls.
  2. Techniques and design choices for reducing the risk exposure in the SDLC caused by the use of external software and dependencies.
  3. Case studies, practical guidelines, and tried-and-tested experience from been-there, done-that practitioners.

Who should participate

  1. Security architects
  2. DevSecOps engineers
  3. Software developers
  4. Threat detection and incident response teams (engineers and analysts)
  5. DevOps and config management teams
  6. QA and release management teams
  7. Companies from different domains and at different levels of scale

Speaking

If you are interested in conducting a masterclass, submit your talk idea here. Arjun BM - editor of the masterclass series - will review your talk idea and give feedback.
Guidelines for speaking are published here.

About the editor

This masterclass series is curated by Arjun BM.
Arjun is Chief Security Architect at Finastra. He is an Information Security expert with two decades of experience in areas like application security, security architecture, and DevSecOps.

Become a Rootconf Member to join

This masterclass series will be held online. Attendance is open to Rootconf members only. If you have questions about participation, post a comment here.

Sponsorship

Sponsorship slots are open for:

  1. Tool providers.
  2. Companies seeking tech branding for hiring.

If you are interested in sponsoring, email sales@hasgeek.com.

Contact information

Join the Rootconf Telegram group at https://t.me/rootconf or follow @rootconf on Twitter.
For inquiries, contact Rootconf at +91-7676332020.

Hosted by

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE); infrastructure costs, including cloud costs, and their optimization; and security, including cloud security.

Sas3

@sas3

Practical SLSA for Developers and Application Security Professionals

Submitted Aug 18, 2023

Software supply chain integrity has been a hot topic for a few years now. Yet 99% of AppSec professionals stop at basic SBOM/SCA activities and call it done. Clearly, that is not enough. SLSA, despite being around for 2+ years, is yet to find widespread awareness, let alone adoption.

This session will introduce the ideas and concepts behind SLSA, discussing why it is needed, what problems it solves at each “level”, and how.

There is adequate tooling/support for SLSA use on popular platforms. Using this tooling, the session will show how to generate SLSA provenance and how it may be used by “consumers” of the software artifacts to ascertain the trustworthiness/integrity of those artifacts.

This will be a practical-approach session, not an academic dissertation on SLSA and its specification/documentation.
