Verifiable Trust: Improving Supply Chain Security with Code Signing
Details
This meetup is organized by DotNetDevs.at (https://dotnetdevs.at/).
Abstract:
Supply chain security is a trending subject, but between SBOMs, SCA and CVEs, SLSA and provenance, and all these buzzwords – what can we really do today to improve security for our users and customers?
Secure software is not only about getting the code right. As frequent incidents demonstrate, it’s also about protecting against hostile attacks on our own build pipelines and on software supply chains.
Customers will often rely on code signing for Windows or .NET-based software – it’s built into the platform after all. While this is a good thing, there are still some significant pitfalls for both producers and consumers.
You will learn about
- current threats to software supply chains
- currently available and proposed solutions and standards
- pragmatic measures and risk-driven prioritization
- code signing pitfalls to watch out for
Parts of this talk were presented in October at heise devSec in Karlsruhe. It closes with a short demo of our code signing platform SignPath.
Timetable:
- 18:00: Door opens at RUBICON & Stream starts at https://www.twitch.tv/dotnetdevsat or https://www.youtube.com/c/DotNetDevsAustria
- 18:15: Intro
- 18:20: Talk starts
- 19:15: Food & Drinks
- 21:00: End
Recordings will be available afterward on https://go.dotnetdevs.at/recordings
This meetup is sponsored by
- TietoEvry Austria (https://www.tieto.at/)
- RUBICON IT GmbH (https://www.rubicon.eu/rubicon/)
- JetBrains (https://jetbrains.com)
