1. Intro
2. 2021 is the Year of the Software Supply Chain Attack
3. The SDLC has collapsed into SCMS
4. Google's SLSA Levels
5. Google's SLSA framework - Source
6. Source - Out of Scope
7. Google's SLSA framework - Build
8. Google's SLSA framework - Provenance con
9. Build & Provenance - Out of Scope
10. Google's SLSA framework - Common
11. Common - Out of Scope
Description:
Explore Google's "Supply Chain Levels for Software Artifacts" (SLSA) framework in this 20-minute OWASP Foundation conference talk. Delve into the growing threat of software supply chain attacks and learn how SLSA aims to address this critical AppSec need. Examine the framework's approach, key areas of focus, and controls for attaining each level. Gain insights into additional aspects of software supply chain security not covered by SLSA. Understand the collapse of the SDLC into SCM and the implications for security. Analyze the framework's components, including Source, Build, Provenance, and Common elements, while identifying areas that fall outside the scope of SLSA.

Analyzing Google's SLSA Framework for Securing Software Supply Chains

OWASP Foundation