The Past, Present, and Future of Supply Chain Security with Dan Lorenc
Supply chain security has become a massive talking point across the software industry over the last several years, from open source communities all the way to government circles and regulated industries. Unfortunately, the problem space is complex and encompasses several dozen individual threat vectors at different points of the development lifecycle that each require individual fixes.
This talk will cover the state of software supply chain security over the last 40 years. Attendees will learn how to untangle the mess of related but distinct problems facing the industry, and how open source fits in and plays a critical role. The talk will also cover new techniques for mitigating and protecting against these threats, in both open source and proprietary software development environments.
Dan Lorenc Bio
Dan has been working on and worrying about containers since 2015. He started projects like Minikube, Skaffold, and Kaniko to make containers easy and fun. He then got so worried about the state of OSS supply chains that he partnered with Kim Lewandowski and others to found the Tekton and Sigstore projects, to make it easier to build and use containers securely, as well as SLSA, to create a common language for software security and supply chain integrity. He also helped found Chainguard, where he's now the CEO.