YouTube

You Can Sign It, But Can You Trust It? - Securing the Compilation Process

OpenSSF via YouTube

Overview

Explore the security challenges of the software compilation process and the solutions proposed for establishing trust in build environments. Learn why existing CNCF projects such as in-toto and Sigstore, while securing the upper layers of the supply chain, do not verify the integrity of the underlying OS stack the build runs on, leaving a gap that attacks like SolarWinds have exploited. Examine the complexity of modern software stacks, whose deep layers and interdependencies make verifying every component nearly impossible. Understand an approach that rethinks how trust is established in software builds through build environment verifiability: the entire compilation process is enclosed in a non-interactive SGX enclave, and in-toto attestations are used to make the resulting builds verifiable. Gain insight into how this enhancement can strengthen the CNCF ecosystem and protect against supply chain attacks that target the compilation process itself.

Syllabus

You Can Sign It, But Can You Trust It? Securing the Compilation Process - Yaxuan (Alice) Wen, NYU

Taught by

OpenSSF
