
Details

Securi-Taco Tuesdays - Trust and Verify: How Code Signing and Sigstore Secure the Software Supply Chain
August 27, 2024
12:00pm PT | 1:00pm MT | 2:00pm CT | 3:00pm ET | 8:00pm BST | 9:00pm CET | 10:00pm EET
--------------------------------------------
Join Adolfo García Veytia, Stacklok Staff Engineer based out of Mexico City, and Stacey Potter, Stacklok Open Source Community Manager based out of New York, as they dive into all things Security + Tacos!

Today's Topic: Trust and Verify: How Code Signing and Sigstore Secure the Software Supply Chain

Code signing is crucial for ensuring the authenticity and integrity of software, but what exactly does it entail? In this livestream, we'll demystify code signing, exploring its significance in software security and how it helps prevent tampering and unauthorized modifications. From understanding digital signatures to the role of certificate authorities, we'll cover it all.

Once we’ve covered the basics of code signing, we’ll dive into Sigstore, the open source project created to make it easier for developers to securely sign and verify software artifacts. Sigstore leverages cryptographic principles and transparency logs to enhance trust and accountability. We'll discuss how Sigstore works, its benefits, and its potential to revolutionize software assurance practices.

Whether you're a developer looking to bolster your understanding of code signing or a security enthusiast interested in emerging technologies like Sigstore, this livestream offers valuable insights and practical knowledge. Get ready to dive into the mechanisms that safeguard software integrity and explore the future of secure software development.

--------------------------------------------
Guest Speakers:

Hayden Blauzvern is a technical lead & manager on Google’s Open Source Security Team, focused on making open-source software more secure through code signing and applied transparency. Hayden is a maintainer and the community chair on the Sigstore project.

Bob Callaway leads Google's Open Source Security Team. He and his team directly contribute to critical OSS secure software supply chain projects (including Sigstore that he co-founded), as well as help drive adoption of best practices throughout the broader open source ecosystem.

--------------------------------------------
Event Links:

--------------------------------------------
About our Hosts:

Adolfo García Veytia (@puerco) is a staff software engineer with Stacklok. He is one of the Kubernetes SIG Release Technical Leads, actively working on the Release Engineering team. He specializes in improving the software that drives the K8s release process. He is also the creator of the OpenVEX and protobom projects currently incubating in the OpenSSF. Adolfo is passionate about coding with friends, helping new contributors, and amplifying the Latinx presence in the Cloud Native community.

Stacey is an Open Source Community Manager at Stacklok. Stacey has been in open source since 2009 and in the cloud native community since 2019 when she joined Weaveworks and worked as a Community Manager on various Open Source projects, including Flux. She currently participates in the GitOps Working Group / OpenGitOps communities. Stacey has organized and produced events such as the GitOpsDays conference and various meetups, and is a Program Co-Chair of Platform Engineering Day. When she’s not helping folx in the cloud native & open source communities, you can find her working on various home renovation projects, playing golf, or hanging at home with family or at trivia/karaoke nights at the local pub with friends.

--------------------------------------------
If you're interested in speaking as a guest, please email us at TACOS@stacklok.com
--------------------------------------------
