You Can Sign It, But Can You Trust It? - Securing the Compilation Process
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore the critical security challenges in software compilation processes and discover innovative solutions for establishing trust in build environments through this 18-minute conference talk. Learn about the vulnerabilities in modern software stacks where compilers operate on complex, interdependent layers that make it difficult to verify every component's integrity during builds. Understand how existing CNCF projects like in-toto and Sigstore secure upper supply chain layers but leave gaps in verifying the complete underlying OS stack integrity. Examine real-world attack scenarios like SolarWinds (2020) that demonstrate the urgent need for stronger compilation process security. Discover a proposed solution that rethinks trust establishment in software builds through build environment verifiability, utilizing SGX enclaves to enclose the entire compilation process within a non-interactive secure environment and leveraging in-toto attestation to ensure verifiable builds. Gain insights into how this approach can enhance security within the CNCF ecosystem and address the fundamental challenges of securing deeply layered and interdependent software stacks.
Syllabus
You Can Sign It, But Can You Trust It? Securing the Compilation Process - Yaxuan (Alice) Wen
Taught by
CNCF [Cloud Native Computing Foundation]