The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for SigstoreCon Supply Chain Day 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in Mountain Standard Time.
The Sigstore and TUF communities both maintain conformance test suites that have been helpful in identifying inconsistencies and security vulnerabilities in clients. This talk offers a deep dive into these two conformance test suites. We first talk about the issues that led to their development: interoperability issues and vulnerabilities are painful everywhere but especially so in the field of supply chain security. We then describe the architecture of the test suites and take a look at the engineering and the unique technical problems in conformance testing systems like this: when all test data is by definition cryptographically signed, creating test cases can be very tricky. Next, we cover with practical examples how clients can adopt the test suites and share the experiences client developers have had when adopting the test suites. Finally, we will examine the impact of these efforts on the Sigstore and TUF ecosystems and how compatibility is improving and clients are becoming more secure. We finish the talk by discussing future ideas for the conformance test suites and how the community can contribute.
Adam is a security engineer at Ada Logics where his work mainly focuses on security automation. He is heavily involved in open source projects and is a top contributor to OSS-Fuzz.
Open source supply chain security @ Google, Google
Jussi secures Open Source supply chains at Google. He has extensive Open Source experience and is currently maintainer of sigstore-python, tuf-on-ci & python-tuf.
Tuesday November 12, 2024 4:10pm - 4:40pm MST
Alpine