by Datadog

Roundtable: Software Supply Chain Challenges – What’s in Your Software?

Andrew Krug

Security Evangelist | Datadog

Trishank Karthik Kuppusamy

Staff Engineer | Datadog

Santiago Torres-Arias

Assistant Professor | Purdue University

Asra Ali

Software Engineer | Google

Moderator

Andrew Krug

Participants

Trishank Karthik Kuppusamy

Santiago Torres-Arias

Asra Ali

Presidential Executive Order (EO) 14028, signed in May 2021, mandates improvements to software supply chain security. Among its requirements are “employing automated tools, or comparable processes, to maintain trusted source code supply chains, thereby ensuring the integrity of the code” and “providing a purchaser a Software Bill of Materials (SBOM) for each product directly or by publishing it on a public website.” In this roundtable, we will discuss how open source projects such as in-toto, TUF, sigstore, and SLSA can be used to meet these requirements. In particular, we will discuss how Datadog not only contributed to these tools but also used them to build the industry’s first transparent, compromise-resilient supply chain for Datadog Agent integrations, and how you can apply them to secure your own supply chains.