From Source to Production: Navigating Supply Chain Risks in Software Development and Strategies for Mitigation
Ensuring the integrity of software is imperative for safeguarding against security threats and meeting compliance obligations. In this talk, we will explore the pivotal role of the Software Bill of Materials (SBOM), the Supply-chain Levels for Software Artifacts (SLSA) framework, and signing tools such as Cosign (part of the Sigstore project) in protecting software integrity from source to production.
Understanding the lineage of software components, and which entities built and published them, is fundamental to establishing trust in the software supply chain. An SBOM gives organizations an inventory of what their software contains, SLSA provenance attests to how and where an artifact was built, and signatures produced with a tool such as Cosign let consumers verify that an artifact has not been altered since it was signed. Together these measures give organizations transparency into the origins of their software and a means to verify its authenticity and integrity. This session will provide practical insights into implementing them, offering attendees actionable steps to enhance the security posture of their production environments.
Furthermore, we will delve into real-world examples of supply chain risks, highlighting instances where malicious actors exploited weaknesses in the software supply chain, such as compromised build systems and tampered dependencies. By examining these case studies, attendees will gain a deeper understanding of the threats posed by supply chain breaches and the importance of proactive security measures.
Join us as we navigate the landscape of software integrity, empowering organizations to mitigate risks, ensure compliance, and foster trust in their software ecosystems.