Securi-Taco Tuesdays presents
Understanding Software Trust: Let’s explore Secure Attestations & the in-toto framework
🗓️ September 17, 2024
⏰ 11:00am PT | 12:00pm MT | 1:00pm CT | 2:00pm ET | 7:00pm BST | 8:00pm CET | 9:00pm EET
--------------------------------------------
Join Adolfo García Veytia, Stacklok Staff Engineer based out of Mexico City, and Stacey Potter, Stacklok Open Source Community Manager based out of New York, as they dive into all things Security + Tacos!

Today's Topic: Understanding Software Trust: Let’s explore Secure Attestations & the in-toto framework

During this episode of Securi-Taco Tuesdays, we’re diving into the world of software trust and security with this introductory level discussion on software attestations and the open source project in-toto (a CNCF incubating project). We’ll explore how software attestations provide critical insights into the integrity and authenticity of code, and how the in-toto project’s comprehensive framework ensures secure supply chains. We’ll talk about practical strategies for implementing these tools to protect against vulnerabilities, ensuring that every step of your software’s lifecycle meets the ultimate standards of trust and security.
--------------------------------------------
Guest Speaker: Santiago Torres-Arias, Assistant Professor at Purdue

Santiago is an Assistant Professor at Purdue's Electrical and Computer Engineering Department. His interests include binary analysis, cryptography, distributed systems, and security-oriented software engineering. His current research focuses on securing the software development lifecycle, cloud security, and update systems. Santiago is a member of the Arch Linux security team and has contributed patches to F/OSS projects on various degrees of scale, including Git, the Linux Kernel, Reproducible Builds, NeoMutt, and the Briar project. Santiago is also a maintainer for Cloud Native Computing Foundation's project The Update Framework (TUF) and leads the in-toto and Sigstore projects.
--------------------------------------------
About our Hosts:

Adolfo García Veytia (@puerco) is a staff software engineer with Stacklok. He is one of the Kubernetes SIG Release Technical Leads, actively working on the Release Engineering team. He specializes in improving the software that drives the K8s release process. He is also the creator of the OpenVEX and protobom projects currently incubating in the OpenSSF. Adolfo is passionate about coding with friends, helping new contributors, and amplifying the Latinx presence in the Cloud Native community.

Stacey is an Open Source Community Manager at Stacklok. Stacey has been in open source since 2009 and in the cloud native community since 2019 when she joined Weaveworks and worked as a Community Manager on various Open Source projects, including Flux. She currently participates in the GitOps Working Group / OpenGitOps communities. Stacey has organized and produced events such as the GitOpsDays conference and various meetups, and is a Program Co-Chair of Platform Engineering Day. When she’s not helping folx in the cloud native & open source communities, you can find her working on various home renovation projects, playing golf, or hanging at home with family or at trivia/karaoke nights at the local pub with friends.
--------------------------------------------
*If you're interested in speaking as a guest, please email us at TACOS@stacklok.com*
