September 27-30, 2021
Seattle, Washington, USA + Virtual

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit + Embedded Linux Conference + OSPOCon 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.


Tuesday, September 28 • 4:00pm - 4:50pm
(IN-PERSON) Zero-Trust Supply Chain Security with Sigstore, TektonCD and SPIFFE - Dan Lorenc, Google

Supply-chain security has lagged behind network and service security for years, but it's time to fix that! Zero-trust technologies have dramatically improved enterprise security, but haven't been applied to supply-chain security yet.

Traditionally, workload security relied on trusted "perimeters". Firewalls, internal networks and physical security provided defense against attackers by keeping them out. This type of architecture is simple and effective when all assets are in one place, the firewall doesn't need many holes and all hardware is on the same physical network. This obviously isn't true today. The workplace is distributed. Devices are mobile and environments are ephemeral.

Enter zero-trust security. Zero-trust focuses on protecting assets, not perimeters. Services authenticate users against hardware instead of network endpoints. Users authenticate with MFA and devices authenticate with hardware-roots-of-trust. The end result is a system focused on fine-grained access control. Instead of trusting everything on a network, you control exactly which users and systems have access to which services.

This presentation explores how zero-trust can be applied to build systems **today**, with working demos of the Sigstore, TektonCD and SPIFFE/SPIRE projects.


Dan Lorenc

CEO, Chainguard
Dan has been working on and worrying about containers since 2015 as an engineer and manager. He started projects like Minikube, Skaffold, and Kaniko to make containers easy and fun, then got so worried about the state of OSS supply-chains he partnered up with Kim and others to f...

Tuesday September 28, 2021 4:00pm - 4:50pm PDT
Room 301