Virtual Event
May 4 - May 7

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2021 Virtual to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Wednesday, May 5 • 12:20 - 12:55
Protecting Ourselves from CNCFgate. Software Supply Chain Security at CNCF - Practices, and Tools - Andres Vega & Emily Fox, CNCF SIG-Security & Jonathan Meadows, Cyber Security at Citi

As the complexity of our software systems grows – and they ingest more and more dependencies to deliver their functionality – the supply chain becomes more complex, and thus more difficult to secure. The industry is forming a consensus around a baseline set of properties for a secure software supply chain, yet these are not enough to protect against some of the high-profile attacks we have seen in recent years. In some cases they may not even have made detection easier. The industry needs to do better; we need to do better. An attacker who compromises a software supply chain can greatly increase the blast radius of their attack to all eventual users of the system. In some cases the exploits are overlooked or unintended bugs; others have been known to be more deliberate and insidious (most recently, SunBurst/Solarigate).

This presentation shares the experience of the CNCF SIG-Security Supply Chain Working Group, with particular attention to the intricacies and sharp edges of creating and maintaining a tightly secured software supply chain.

Emily Fox

Security Engineer, Apple
Emily Fox is a DevOps enthusiast, security unicorn, and advocate for Women in Technology. She promotes the cross-pollination of development and security practices. She has worked in security for over 12 years to drive a cultural change where security is unobstructive, natural, and...

Andres Vega

Product Line Manager, VMware
Andres Vega is Product Line Manager for Security in VMware Tanzu. In his role, he helps organizations securely build large-scale distributed software solutions across multi-cloud environments. The focus of his career has been on the intersection of cloud infrastructure, cybersecurity...

Jonathan Meadows

Managing Director, Cyber Security, Citi
Jonathan Meadows is Head of Cloud Cyber Security Engineering at Citibank. Jonathan has extensive software engineering experience in the financial services industry coupled with an in-depth knowledge of cyber security. He is a keen advocate of a DevSecOps culture with heavy use of...

Wednesday May 5, 2021 12:20 - 12:55 CEST
Maintainer Track Theater
  Maintainer Track Sessions
  • Presentation Slides Attached: Yes