Loading…
Timezone
In-person + Virtual
October 11-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Daylight Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Wednesday, October 13 • 11:00am - 11:35am
Kubernetes Supply Chain Security: The Software Factory - Andrew Martin, Control Plane

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
The original supply chain attack was described by Ken Thompson 35 years ago, in Reflections on Trusting Trust. As the SUNBURST attacks abuse the same implicit trust relationship between consumers and vendors today, we ask ourselves: does cloud native have the answer? Based on work from the US Air Force and DoD, we present a Kubernetes Software Factory approach that can defend against supply chain risks. But can we mitigate the risk entirely? What about consuming closed source and binary artefacts? Is there a silver bullet for this producer-consumer problem, that impacts supply chain relationships at all levels of industry and technology? In this talk we: - Showcase work to build a Kubernetes Software Factory with Tekton - Deep dive on signing and verification approaches to securely build software with in-toto, TUF, SPIFFE, SPIRE, and sigstore - Review lessons learned from the SUNBURST attacks - Detail future cloud native solutions to harden Kubernetes, builds, and infrastructure
Speakers
avatar for Andrew Martin

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →

ControlPlane Kubernetes Supply Chain Security The Software Factory (KubeCon NA, October 2021) pdf
Wednesday October 13, 2021 11:00am - 11:35am PDT
Concourse Hall 151 + Online
  Security + Identity + Policy