What we're about

Community to learn and share experiences about implementation, operations and security of cloud infrastructure, DevOps and continuous delivery.

In short, anything to do with the DevOps and Cloud ecosystem that interests you. We will specifically focus on DevOps and Cloud technologies. All skill levels are welcome. Like our other Meetups, there will be a hands-on approach to the topics covered in the Meetup.

Upcoming events (1)

Google SLSA & NIST SSDF: Emerging Software Supply Chain Security Best Practices

IF YOU'D LIKE TO JOIN LIVE AND/OR GET A COPY OF THE RECORDING, MAKE SURE TO SIGN UP HERE AND NOT JUST ON MEETUP: https://source-code.cycode.com/nist-vs-google?utm_source=slstore


Wednesday, February 09, 2021 | 1 PM EST | 10 AM PST

The severity and frequency of software supply chain attacks have increased significantly. How should software teams react to these new threats? Several new frameworks are emerging. At the behest of an executive order from the White House, the National Institute of Standards and Technology (NIST) created the NIST Secure Software Development Framework (SSDF) with robust guidance on what should be secured in the software supply chain. Similarly, Google has released the Supply chain Levels for Software Artifacts (SLSA) framework for ensuring software supply chain and build integrity.

While there is some overlap, NIST tends to focus on the “what” and Google SLSA focuses on the “how.” Combined, these two frameworks make an excellent roadmap for securing software supply chains. Yet this combined roadmap is still not without security gaps. This webinar will compare and contrast NIST SSDF and Google SLSA:

- Introduction & the rise of software supply chain attacks
- Google SLSA
- Comparing SSDF & SLSA
- Covering gaps
- Demo
- Q&A
