How SLSA Fires Up Your Software Supply Chain Security: Real World Examples
Software supply chain security has become a hot topic of late, as attackers have found ways to exploit multiple soft spots in the development process, from source to build to external dependencies and deployment. But while many tools exist to address stage-specific or downstream threats, they mostly start beyond source and build, which is where supply chain attacks often occur.
To answer this, the Supply-chain Levels for Software Artifacts (SLSA) has emerged as a cross-industry framework, setting out requirements for increasing levels of security. So how does one begin to implement SLSA with actionable advice and concrete examples? Glad you asked!
This webinar aims to make SLSA a practical reality for your organization, so that you can implement security guarantees for every stage in your development pipeline.
Join our SLSA experts as they discuss:
- SLSA Levels – Is your level mild, medium or hot?
- The landscape of solutions, ranging from design to container and open source components
- Why SLSA is better with GUAC
- Examples of organizations adopting SLSA
- The SLSA roadmap, with v1.0 focusing on the “build” track and Level 3 attainment
Watch this webinar on-demand to hear from the experts themselves, stay ahead of government and internal requirements, and fire back against malicious actors.
Michael Lieberman, CTO and Co-founder, Kusari
Michael Lieberman is Co-founder and CTO of Kusari. His passion is in applying his expertise to use cases where privacy and security are paramount. Most recently he has been focused on work within the software supply chain security space. He is also highly committed to open-source, having co-created projects like GUAC and FRSCA, along with having co-led white papers like the CNCF’s Secure Software Factory Reference Architecture. He is an OpenSSF SLSA steering committee member, OpenSSF Technical Advisory Council (TAC) member, tech lead for the CNCF Security Technical Advisory Group (STAG), and formerly co-chaired the CNCF FinServ User Group. His career has led him from startups to multinational financial institutions and everything in between.
Loreli Cadapan – Chief Product Officer, ActiveState
Loreli has 20+ years of experience in the enterprise software industry, having successfully worked at enterprises and startups, focused on DevOps and DevSecOps. She has held different roles from coding, architecture, development management, to product management. Loreli currently leads the Product team at ActiveState, building products to power the world’s software development teams and accelerate their application security solutions.