November 13–15, 2018 - Shanghai, China
Click Here For Information & Registration

To view the Chinese version of this schedule please go here.

Simultaneous translation will be provided for all keynote and breakout sessions.
Thursday, November 15 • 15:05 - 15:40
The State of Your Supply Chain - Andrew Martin, ControlPlane & Maya Kaczorowski, Google

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Container security often focuses on runtime best-practices whilst neglecting the software shipped in the supply chain. Application or library vulnerabilities are a likely route to data exfiltration, and containers offer a new opportunity to mitigate this risk.

Treating containers as immutable artefacts allows us to "upgrade" images by rebuilding and shipping whole images, avoiding configuration drift and state inconsistencies. This makes it possible to constantly patch software, and to easily enforce what is deployed into our environments.

In this talk we detail an ideal software supply chain, describe the current state of the ecosystem, and dig into specific tools. Grafeas, Kritis, in-toto, Clair, Micro Scanner, TUF, and Notary are covered, and we demo how to identify a vulnerable image then automatically rebuild and redeploy it.

avatar for Maya Kaczorowski

Maya Kaczorowski

Product Manager, Google
Maya is a Product Manager in Security & Privacy at Google, focused on container security. She has presented at KubeCon, BSides SF, O'Reilly Velocity, Google Next, OpenStack Summit, and other conferences on container security. She previously worked on encryption at rest and encryption... Read More →
avatar for Andrew Martin

Andrew Martin

Co-founder, ControlPlane
Andrew has an incisive security engineering ethos gained building and deploying high-traffic web applications. Proficient in systems development, testing, and operations, he is comfortable profiling and securing every tier of a bare metal or cloud native system, and has battle-hardened... Read More →

Thursday November 15, 2018 15:05 - 15:40
302 A