How your software sausage is made: current state of software supply chain security

Sam “Frenchie” Stewart (Upright duck)

You know the term “seeing how the sausage is made”? Well, if you could ACTUALLY see how sausages are made, you’d be impressed.

The same is not true for software security. From headline-grabbing incidents like SolarWinds, Log4j and Codecov to run-of-the-mill vulnerability management, things are in a sad state.

This talk will also cover currently proposed mitigations, such as SBOMs, asset signing and deploy-time checks.
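To make the three mitigations concrete, here is an added example (not code from the talk or from the speaker) of a minimal deploy-time gate: CI signs a manifest binding an artifact digest to its SBOM digest, and the deploy gate refuses anything whose signature, artifact or SBOM does not check out, or whose SBOM lists a denied component. Everything in it is constructed for illustration: the key, the artifact bytes, the two CycloneDX-shaped SBOMs and the denylist. HMAC-SHA256 stands in for the asymmetric signature (Sigstore/cosign, GPG) a real pipeline would use, so that the example runs on the Python standard library alone.

```python
"""Deploy-time admission check over a signed manifest and an SBOM.

Added example, not from the talk. Stdlib only: HMAC-SHA256 stands in for the
asymmetric signature a real pipeline would use (Sigstore/cosign, GPG, ...).
"""
import hashlib
import hmac
import json

# Constructed shared secret. In a real system CI holds a private signing key
# and the deploy gate holds only the matching public key.
SIGNING_KEY = b"example-ci-signing-key-not-for-production"

# Constructed policy: (name, version) pairs that must never be deployed.
# log4j-core 2.14.1 is the last release affected by CVE-2021-44228.
DENYLIST = {("log4j-core", "2.14.1")}

# Constructed build output and two CycloneDX-shaped SBOMs for it.
ARTIFACT = b"\x7fELF-constructed-fake-binary-bytes"
SBOM_CLEAN = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [{"name": "requests", "version": "2.31.0"}],
}).encode()
SBOM_BAD = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [{"name": "log4j-core", "version": "2.14.1"}],
}).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(manifest: dict) -> bytes:
    # Deterministic encoding so signer and verifier MAC identical bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes) -> dict:
    """CI side: bind the artifact digest and SBOM digest together under one MAC."""
    sig = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "sig": sig}


def build_signed(artifact: bytes, sbom_json: bytes, key: bytes = SIGNING_KEY) -> dict:
    """Convenience for CI: hash both inputs and sign the resulting manifest."""
    manifest = {"artifact_sha256": sha256_hex(artifact),
                "sbom_sha256": sha256_hex(sbom_json)}
    return sign_manifest(manifest, key)


def verify_manifest(signed: dict, key: bytes) -> bool:
    expected = hmac.new(key, _canonical(signed["manifest"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["sig"])


def admission_check(artifact: bytes, sbom_json: bytes, signed: dict, key: bytes) -> list:
    """Deploy gate: return the list of reasons to reject; an empty list means admit."""
    reasons = []
    if not verify_manifest(signed, key):
        # Nothing inside an unverified manifest can be trusted, so stop here.
        return ["manifest signature invalid"]
    m = signed["manifest"]
    if sha256_hex(artifact) != m["artifact_sha256"]:
        reasons.append("artifact digest does not match signed manifest")
    if sha256_hex(sbom_json) != m["sbom_sha256"]:
        # An SBOM that is not the one CI signed cannot be used for policy.
        reasons.append("SBOM digest does not match signed manifest")
        return reasons
    sbom = json.loads(sbom_json)
    for comp in sbom.get("components", []):
        if (comp.get("name"), comp.get("version")) in DENYLIST:
            reasons.append(f"denied component {comp['name']}@{comp['version']}")
    return reasons


if __name__ == "__main__":
    good = build_signed(ARTIFACT, SBOM_CLEAN)
    print("clean build:", admission_check(ARTIFACT, SBOM_CLEAN, good, SIGNING_KEY))
    bad = build_signed(ARTIFACT, SBOM_BAD)
    print("log4j build:", admission_check(ARTIFACT, SBOM_BAD, bad, SIGNING_KEY))
    print("swapped artifact:", admission_check(b"tampered", SBOM_CLEAN, good, SIGNING_KEY))
```

The ordering matters: the signature is checked first because every later decision depends on the manifest being what CI produced, and the SBOM digest is checked before any policy is evaluated because a substituted SBOM would otherwise let an attacker talk the gate into admitting whatever they like.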

About Sam

Frenchie is far too biased to answer this question, and instead chooses to break the fourth wall. Originally from Batmania, by way of San Secuestro, he is currently a COVID refugee living in Queenstown.

Previously, he was part of the 🤖 🚗 skynet prevention squad as Infrastructure Security Engineering Manager at Cruise. He has shipped, and can often be found tinkering with, cloud, cluster & container security things (anything starting with a C, really).