October 11, 2021
Los Angeles, California + Virtual
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 - Los Angeles, CA + Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Standard Time (PST), UTC -7. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change through Monday, September 13 due to schedule changes that will be made as speakers finalize whether speaking in person or virtually.
Back To Schedule
Monday, October 11 • 2:05pm - 2:35pm
An Overview on SLSA - Tom Hennen, Google & Joshua Lock, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
SLSA – Supply-chain Levels for Software Artifacts – introduces a comprehensive methodology to prevent tampering with the software supply chain.  To illustrate the impact of SLSA, we follow a few gremlins as they try to introduce malicious code into a container image used by thousands of projects.  At each step of the supply chain we show how SLSA controls raise the cost of attack, preventing the gremlins from causing any harm.

avatar for Joshua Lock

Joshua Lock

Open Source Architect, Verizon
Joshua is Open Source Architect in Verizon's Open Source Program Office where he leads efforts to improve consistency around how Verizon uses open source. As part of his work at Verizon he works upstream on software supply chain security standards and tools; he is a steering committee... Read More →
avatar for Tom Hennen

Tom Hennen

Software Engineer, Google
Tom is a maintainer of the Supply-chain Levels for Software Artifacts (SLSA) project.  He works at Google as a tech lead for their internal supply chain integrity team.  He previously worked in the defense industry where he was the Principal Investigator for a DARPA STAC red team... Read More →

Monday October 11, 2021 2:05pm - 2:35pm PDT
Room 403AB + Online Los Angeles Convention Center - 1201 S. Figueroa Street, Los Angeles, CA 90015