Overview
Learn to implement comprehensive supply chain security measures through this 12-minute conference talk that demonstrates how to integrate Software Bill of Materials (SBOMs), Supply-chain Levels for Software Artifacts (SLSA) framework, and CI/CD pipeline security controls. Explore the evolving landscape of software security threats and understand why traditional perimeter-based security approaches are insufficient for modern development environments. Discover how to adopt a "defense by default" strategy that embeds security controls directly into your development pipeline rather than treating security as an afterthought. Master the creation and utilization of SBOMs to maintain visibility into software components and their provenance throughout the development lifecycle. Examine practical implementation of the SLSA framework to establish verifiable security levels for your software artifacts and build processes. Analyze key security controls including source code integrity verification, build environment hardening, artifact signing, and automated vulnerability scanning. Follow a detailed practical example that demonstrates end-to-end supply chain defense implementation, from initial development through deployment and enforcement phases. Understand the cultural and organizational changes required to successfully adopt supply chain security practices across development teams. Gain actionable insights for strengthening your organization's software supply chain security posture through proven frameworks and real-world implementation strategies.
Syllabus
00:00 Introduction and Speaker Background
00:33 Focus on Supply Chain Security
01:12 The Changing Landscape of Software Security
02:47 Defense by Default: Integrating Security into the Pipeline
03:28 The Role of SBOMs and Provenance
05:06 Implementing SLSA Framework
05:38 Key Controls for Strengthening the Pipeline
07:16 Practical Example of Supply Chain Defense
08:20 Deployment and Enforcement
09:22 Cultural Shift in Supply Chain Security
10:05 Key Takeaways and Conclusion
Taught by
Conf42