Loading…
November 13–15, 2018 - Shanghai, China
Click Here For Information & Registration

To view the Chinese version of this schedule please go here.
请点击此处查看中文版本。

我们将为所有主题演讲和分组会议提供同声传译服务。
Simultaneous translation will be provided for all keynote and breakout sessions.
Thursday, November 15 • 15:05 - 15:40
The State of Your Supply Chain - Andrew Martin, ControlPlane & Maya Kaczorowski, Google

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Container security often focuses on runtime best-practices whilst neglecting the software shipped in the supply chain. Application or library vulnerabilities are a likely route to data exfiltration, and containers offer a new opportunity to mitigate this risk.

Treating containers as immutable artefacts allows us to "upgrade" images by rebuilding and shipping whole images, avoiding configuration drift and state inconsistencies. This makes it possible to constantly patch software, and to easily enforce what is deployed into our environments.

In this talk we detail an ideal software supply chain, describe the current state of the ecosystem, and dig into specific tools. Grafeas, Kritis, in-toto, Clair, Micro Scanner, TUF, and Notary are covered, and we demo how to identify a vulnerable image then automatically rebuild and redeploy it.

Speakers
avatar for Maya Kaczorowski

Maya Kaczorowski

Product Manager, Google
Maya is a Product Manager in Security & Privacy at Google, focused on container security, specifically container runtime security. She's published several blog posts on container security, and has talked on many security topics, including supply chain security, runtime security, secret... Read More →
avatar for Andrew Martin

Andrew Martin

Co-founder, Control Plane
Andrew has a strong security engineering ethos gained architecting and deploying high-traffic web applications. Proficient in systems development, testing, and operations, he is comfortable profiling and securing every tier of a bare metal or cloud native application, and has battle-hardened... Read More →



Thursday November 15, 2018 15:05 - 15:40
302 A