Skip to main content

📩 Stay Updated! Follow us on LinkedIn and join our mailing list for the latest news!

Join us for an OpenSSF Tech Talk on SLSA

By September 15, 2023Blog
SLSA Tech Talk - Oct 5

We are excited to launch a series of virtual tech talks to take a deep dive into some of the key initiatives to secure open source software at the OpenSSF.  Our first tech talk will be on October 5th, 2023 on the topic of SLSA (Supply-chain Levels for Software Artifacts). SLSA is an OpenSSF project that provides specifications for software supply chain security, established by community expert consensus. SLSA’s framework is organized into a series of levels that describe increasing security rigor, designed to give confidence that software hasn’t been tampered with and can be securely traced back to its source. 

Our first tech talk will delve into the world of SLSA and its transformative impact on software supply chain security. You will get a comprehensive overview of SLSA and dig into SLSA fundamentals, trust and transparency in software artifacts, SLSA framework levels, the industry impact of SLSA, and more. You will have the unique opportunity to view a demo of SLSA and ask questions during the Q&A.

Details:

  • Securing the Software Supply Chain: An In-Depth Exploration of SLSA
  • October 5, 2023
  • 9 AM PST
  • No cost to attend
  • Register now!

Topics:

  • Introduction to SLSA
  • Security Levels of SLSA
  • Trustworthiness and Transparency
  • Implementing SLSA
  • Industry Impact
  • Future Trends

Panelists:

  • Michael Lieberman, Kusari
  • Marcela Melara, Intel
  • Joshua Lock, Verizon
  • Loreli Cadapan, ActiveState 

Moderator:

  • Omkhar Arasaratnam, OpenSSF

This Tech Talk isn’t just another online event—it’s a unique opportunity to gain a comprehensive understanding of SLSA and how it can bolster your organization’s software security. Here’s a sneak peek at what you can expect:

1. Introduction to SLSA

Begin your journey with a foundational understanding of SLSA. Our experts will demystify the core concepts and explain how SLSA complements your existing security practices and industry standards. You’ll discover how this framework is the missing puzzle piece in your software supply chain security strategy.

2. Supply Chain Levels

Delve deeper into the intricacies of the SLSA framework. Explore the different levels defined within it and witness how these levels align with the various stages of the software supply chain. Learn how SLSA provides a comprehensive and holistic approach to security.

3. Trustworthiness and Transparency

Uncover the mechanisms that underpin trust and transparency in software artifacts. Explore cryptographic signatures, provenance tracking, and attestation techniques that form the bedrock of SLSA’s ability to verify authenticity and integrity.

4. Implementing SLSA

Get your hands dirty with practical insights into successfully implementing SLSA within your software development processes. Our experts will guide you on seamlessly integrating SLSA principles into your CI/CD pipelines, third-party component selection, and vulnerability management.

5. Industry Impact

Be inspired by real-world success stories from organizations that have embraced SLSA. Witness firsthand how SLSA has helped reduce supply chain risks, enhance customer confidence, and contribute to a more secure software ecosystem.

6. Future Trends

Peer into the future of software supply chain security and the role SLSA will likely play in shaping best practices. Engage in discussions about potential collaborations, standardization efforts, and the broader community’s involvement in advancing SLSA.

Secure Your Spot

Don’t miss this opportunity to join our panel of experts as they share their insights, experiences, and practical advice on fortifying your software supply chain. This tech talk promises to equip you with the knowledge needed to enhance your software security posture and contribute to a safer digital world.

Register now!

We look forward to welcoming you to our first Tech Talk and fostering a community dedicated to enhancing open source software security.