Loading…
October 11, 2021
Los Angeles, California + Virtual
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 - Los Angeles, CA + Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Standard Time (PST), UTC -7. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change through Monday, September 13 due to schedule changes that will be made as speakers finalize whether speaking in person or virtually.
Back To Schedule
Monday, October 11 • 2:35pm - 3:05pm
State of the Art Supply Chain Security (in-toto, TUF, and SigStore) - Trishank Karthik Kuppusamy, Datadog; Asra Ali, Google & Santiago Torres-Arias, Purdue University

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
In this talk, we’ll explore the complementary roles that TUF, in-toto, and SigStore play in creating a transparent hack-proof software supply chain that thwarts man-in-the-middle attacks anywhere between developers and end-users. The talk will build off the basics of using in-toto and TUF together to deliver hack-proof updates, especially how it was done for the first time in the industry at Datadog, and then going the extra mile with SigStore. We’ll see how SigStore’s transparent and auditable model holds publishers accountable in this system. Finally, we’ll see a real example of the whole stack in action for the first time with Datadog’s integration, and show just how easy it is to adopt yourself!
Speakers
avatar for Trishank Karthik Kuppusamy

Trishank Karthik Kuppusamy

Staff Security Engineer / Engineering Manager, Datadog
Trishank Karthik Kuppusamy is a Staff Security Engineer / Engineering Manager at Datadog, where he designed and implemented the industry's first-known, publicly-verifiable Solarwinds-proof software supply chain for the Datadog Agent integrations in 2018. He has been and remains heavily... Read More →
avatar for Asra Ali

Asra Ali

Senior Software Engineer, Google
Asra is Software Engineer on the Google Open Source Security Team (GOSST) where she works on projects like Sigstore. She’s a maintainer of Sigstore’s Rekor, and The Update Framework’s go-tuf implementation. In previous times, she worked on Envoy, fuzzing, and privacy-preserving... Read More →
avatar for Santiago Torres-Arias

Santiago Torres-Arias

Assistant Professor of Electrical and Computer Engineering, Purdue University
Santiago is an Assistant Professor at Purdue's Electrical andComputer Engineering Department. His interests include binaryanalysis, cryptography, distributed systems, andsecurity-oriented software engineering. His current researchfocuses on securing the software development lifecycle... Read More →

SupplyChainSecurityCon 2021 State of the art supply chain security pdf
Monday October 11, 2021 2:35pm - 3:05pm PDT
Room 403AB + Online Los Angeles Convention Center - 1201 S. Figueroa Street, Los Angeles, CA 90015
  General Session