The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for SigstoreCon Supply Chain Day 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in Mountain Standard Time.To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.
Sigstore has witnessed significant adoption since its launch, becoming a big player in software supply chain security. Research has primarily focused on identity verification and transparency log witnessing (i.e.,verifying log consistency). However, the semantics security (i.e., the content) of log entries remains largely unexplored. Given generic witnessing solutions are not one-size-fits-all, we analyze the dynamics of Rekor log entries to gain insights to enable better misbehavior detection and stronger identity verification. Our analysis answers these questions: * What are the trends in Sigstore adoption over time? * What are the patterns in certificates, and generated signatures? * What kinds of identities are involved in signing? * What actors are performing these signing actions?
Chinenye is a Ph.D. student at Purdue University’s Electrical and Computer Engineering department in the Trustworthy Software Ecosystems Lab, where she works on securing software supply chains
Tuesday November 12, 2024 9:40am - 10:10am MST
Alpine