Wednesday, November 15, 2023

2:30 PM - 3:30 PM

Sutherland Theatre

---

ㅤ

Managing software supply-chain risks is critically important for Defence environments. Software supply-chain compromise presents a credible vector for intrusion into Defence networks and is being increasingly targeted by cyber threat actors - reporting from 2022 indicates that the number of software supply-chain attacks has increased by 742% year-on-year.
Software signing and attestation is a core component of software supply-chain security. It helps organisations like Defence satisfy critical information requirements about software - who created this software, and how was it created? Historically software signing has been difficult to access for organisations, requiring a deep understanding of software cryptography and concepts like non-repudiation to distribute signed and validated software.
Sigstore is an open-source project designed to make software signing and attestation more accessible for all organisations, including Defence projects and Small and Medium Enterprises (SMEs). It achieves this by providing a set of common services and standards, such as a tamper-resistant ledger of software metadata that can be independently audited, and keyless signing services. This session will look at a practical introduction to Sigstore and how Defence projects and SMEs can use Sigstore to better understand and manage supply-chain risks.

---

Speaker/s