The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

Santiago Torres-Arias - Purdue University

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

Practical software Supply Chain Security and Transparency

Mar 17, 2021

Download: Video Icon MP4 Video Size: 350.8MB  
Watch on Youtube Watch on YouTube

Abstract

The software development process, or software supply chain, is quite complex and involves a number of independent actors. Due to this ever-growing complexity has led to various software supply chain compromises: from XCodeGhost injecting malware on millions of apps, to the highly-publicized SolarWinds Compromise. In this talk, Santiago will introduce various research challenges, as well as attempts from both Open Source and Industry --- such as SigStore, CoSign and in-toto --- to protect millions of users across the globe.

About the Speaker

Santiago Torres-Arias
Dr. Torres-Arias' current research focuses on securing the software development life-cycle. Previously, his research focused on secure password storage mechanisms and update systems. He is the team lead of in-toto, a framework to secure the software development life-cycle, as well as PolyPasswordHasher, a password storage mechanism that's incredibly resilient to offline password cracking. He also contributes to The Update Framework (TUF), which is the software update system being integrated on a variety of projects like Docker, CPAN, and others.


Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!