Santiago Torres-Arias - Purdue University
Students: Spring 2025, unless noted otherwise, sessions will be virtual on Zoom.
Practical software Supply Chain Security and Transparency
Mar 17, 2021
Download:

Abstract
The software development process, or software supply chain, is quite complex and involves a number of independent actors. Due to this ever-growing complexity has led to various software supply chain compromises: from XCodeGhost injecting malware on millions of apps, to the highly-publicized SolarWinds Compromise. In this talk, Santiago will introduce various research challenges, as well as attempts from both Open Source and Industry --- such as SigStore, CoSign and in-toto --- to protect millions of users across the globe.About the Speaker

Ways to Watch
