Google SLSA & NIST SSDF: Emerging Software Supply Chain Security Best Practices
The severity and frequency of software supply chain attacks have increased significantly. How should software teams react to these new threats? Several new frameworks are emerging. At the behest of an executive order from the Biden administration, the National Institute of Standards and Technology (NIST) created the NIST Secure Software Development Framework (SSDF), with robust guidance for securing the software supply chain. Similarly, Google has released the Supply-chain Levels for Software Artifacts (SLSA) framework for ensuring software supply chain and build integrity.
While there is some overlap, NIST tends to focus on the “what” and Google SLSA focuses on the “how.” Combined, these two frameworks make an excellent road map for securing software supply chains. However, this combined road map is still not without security gaps. This webinar will provide an introduction to the rise of software supply chain attacks and compare and contrast NIST SSDF and Google SLSA.
Among the topics to be covered:
- An overview of NIST SSDF and Google SLSA
- Comparing SSDF and SLSA
- Covering gaps
- Demo
- Q&A