Overview
Explore the comprehensive updates to the CNCF Security TAG's Supply Chain Security Best Practices guide in this 33-minute conference talk from the Linux Foundation's Open Source Summit. Discover how the software supply chain security landscape has dramatically evolved since the original 2021 guide, with attacks costing over $45 billion in 2023 and projections exceeding $80 billion by 2026. Learn about the significant advancements in SBOM (Software Bill of Materials) and attestation adoption, supported by a rapidly maturing ecosystem of generation, verification, and consumption tools. Examine how the open source community has responded to escalating threats through innovative tooling, enhanced standards, and widespread best practice implementation. Understand strategies for chaining security tools together to maximize their protective impact across your software supply chain. Get hands-on insights into key open source projects spanning the CNCF and OpenSSF ecosystems, including in-toto for supply chain integrity, TUF for secure software distribution, SLSA for supply chain levels, GUAC for software composition analysis, bomctl for SBOM management, SBOMit for SBOM generation, and protobom for SBOM processing and manipulation.
Syllabus
Chain Reaction: Remixing CNCF’s Supply Chain Security Guide for 2025 - John Kjell, ControlPlane
Taught by
Linux Foundation