SlideShare a Scribd company logo

Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Santiago Torres, NYU

Docker, Inc.
Docker, Inc.

If you want to compromise millions of machines and users, software distribution and software updates are an excellent attack vector. Using public cryptography to sign your packages is a good starting point, but as we will see, it still leaves you open to a variety of attacks. This is why we designed TUF, a secure software update framework. TUF helps to handle key revocation securely, limits the impact a man-in-the-middle attacker may have, and reduces the impact of repository compromise. We will discuss TUF's protections and integration into Docker's Notary software, and demonstrate new techniques that could be added to verify other parts of the software supply chain, including the development, build, and quality assurance processes.

Technology
1 of 38
Download to read offline
Securing the Software Supply Chain with TUF and Docker Santiago Torres Ph.D student, NYU Justin Cappos Professor, NYU
There exists an attack vector that...
Many Victims...
Does crypto just work? Easy?
Does a simple solution work? Easy?
Does a simple solution work? Easy?
Easy?
Easy?
Easy? Possible?
Goals: ● compromise resilience Enter TUF!
Goals: ● compromise resilience ● support, don’t judge! Enter TUF!
TUF Design Responsibility Separation Multi-signature Trust Explicit and Implicit Revocation Minimize Individual Key and Role Risk
TUF Design Principles Responsibility Separation Delegate roles to divide responsibilities
Responsibility Separation Content Timeliness
TUF Design Principles Minimize Individual Key and Role Risk Expected Damage ~= Probability×Impact
Minimize Expected Damage Root High-impact role? → Highly-secure keys Timeliness Online keys? → Low-impact role
TUF Design Principles Multi-signature Trust (t, n)threshold required for trust
Multi-signature Trust A B A No risk to clients. Signature threshold: Two signatures
TUF Design Principles Explicit and Implicit Revocation
Root TimestampSnapshot Targets (projects)
Standardized / Used
Is docker vulnerable to these kinds of attacks? What about Docker?
A long time ago (in technology terms)...
Docker content trust integrates TUF in order to sign and protect Docker manifests. Signing Docker images
● Root: user ● Targets: user ● Snapshot: content-trust* ● Timestamp: content-trust The TUF specific roles are as follows Role breakdown
In order to sign the metadata, the docker cli tool will talk to the content trust server before pushing to the registry. How to sign
Docker Today
Key compromise Key compromised Malicious content Rollback, freeze, mix and match Denial of service Timestamp (online) No No Limited Snapshot (online*) No No Limited Targets (offline) No (*) No (*) Limited Root (offline) Yes Yes Yes
Key compromise Key compromised Malicious content Rollback, freeze, mix and match Denial of service Timestamp (online) No No Limited Snapshot (online*) No No Limited Targets (offline) No (*) No (*) Limited Root (offline) Yes Yes Yes
Things TUF does not protect against Beyond TUF
Supply chain compromises
Final Product much like TUF, in-toto uses roles in-toto: overview Project owner Functionaries End User Defines what needs to be done Perform steps, provide evidence Verify Layout Link Link Link Link Link
✔ ✔ Introducing in-toto ✔ ✔
Conclusion ● Securing software distribution, etc. is hard ○ Use TUF -- standardized, widely used, security audited... ● Docker Content Trust provides strong guarantees for Docker images ● in-toto will further improve security
TUF • TAP 3 -- multi-role signatures ○ Lets one have ‘unequal’ quorums • TAP 4 -- pinning repository keys ○ Control the root of trust for parts of the namespace ○ Root role compromise != game over • TAP 5 -- specify URLs in root files ○ Makes it easy to change the repo location • TAP 6 -- version numbers in root metadata • TAP 7 -- TUF conformance testing Discuss with us, then submit (TAP 1/2) Standardization process (TAPs)
Thank You! Let’s work together! https://theupdateframework.com https://in-toto.io @docker #dockercon

Recommended

LlinuxKit security, Security Scanning and Notary
LlinuxKit security, Security Scanning and NotaryLlinuxKit security, Security Scanning and Notary
LlinuxKit security, Security Scanning and NotaryDocker, Inc.
 
LinuxKit Update at the Moby Summit
LinuxKit Update at the Moby SummitLinuxKit Update at the Moby Summit
LinuxKit Update at the Moby SummitDocker, Inc.
 
Docker Enterprise Edition: Building a Secure Supply Chain for the Enterprise ...
Docker Enterprise Edition: Building a Secure Supply Chain for the Enterprise ...Docker Enterprise Edition: Building a Secure Supply Chain for the Enterprise ...
Docker Enterprise Edition: Building a Secure Supply Chain for the Enterprise ...Docker, Inc.
 
IstioD - From Microservices to Monolithic
IstioD - From Microservices to MonolithicIstioD - From Microservices to Monolithic
IstioD - From Microservices to MonolithicAll Things Open
 
Talking TUF: Securing Software Distribution
Talking TUF: Securing Software DistributionTalking TUF: Securing Software Distribution
Talking TUF: Securing Software DistributionDocker, Inc.
 
Continuous Packaging is also Mandatory for DevOps
Continuous Packaging is also Mandatory for DevOpsContinuous Packaging is also Mandatory for DevOps
Continuous Packaging is also Mandatory for DevOpsDocker, Inc.
 
Securing Your Resources with Short-Lived Certificates!
Securing Your Resources with Short-Lived Certificates!Securing Your Resources with Short-Lived Certificates!
Securing Your Resources with Short-Lived Certificates!All Things Open
 
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebula Project
 

Recommended

LlinuxKit security, Security Scanning and Notary
LlinuxKit security, Security Scanning and NotaryLlinuxKit security, Security Scanning and Notary
LlinuxKit security, Security Scanning and NotaryDocker, Inc.
 
LinuxKit Update at the Moby Summit
LinuxKit Update at the Moby SummitLinuxKit Update at the Moby Summit
LinuxKit Update at the Moby SummitDocker, Inc.
 
Docker Enterprise Edition: Building a Secure Supply Chain for the Enterprise ...
Docker Enterprise Edition: Building a Secure Supply Chain for the Enterprise ...Docker Enterprise Edition: Building a Secure Supply Chain for the Enterprise ...
Docker Enterprise Edition: Building a Secure Supply Chain for the Enterprise ...Docker, Inc.
 
IstioD - From Microservices to Monolithic
IstioD - From Microservices to MonolithicIstioD - From Microservices to Monolithic
IstioD - From Microservices to MonolithicAll Things Open
 
Talking TUF: Securing Software Distribution
Talking TUF: Securing Software DistributionTalking TUF: Securing Software Distribution
Talking TUF: Securing Software DistributionDocker, Inc.
 
Continuous Packaging is also Mandatory for DevOps
Continuous Packaging is also Mandatory for DevOpsContinuous Packaging is also Mandatory for DevOps
Continuous Packaging is also Mandatory for DevOpsDocker, Inc.
 
Securing Your Resources with Short-Lived Certificates!
Securing Your Resources with Short-Lived Certificates!Securing Your Resources with Short-Lived Certificates!
Securing Your Resources with Short-Lived Certificates!All Things Open
 
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebula Project
 
Docker EE Deep Dive
Docker EE Deep DiveDocker EE Deep Dive
Docker EE Deep DiveDocker, Inc.
 
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinEmpower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinPhil Estes
 
DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller Docker, Inc.
 
Orchestrating Linux Containers
Orchestrating Linux ContainersOrchestrating Linux Containers
Orchestrating Linux ContainersBergamo Linux Users Group
 
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...Docker, Inc.
 
Back to the Future: Containerize Legacy Applications
Back to the Future: Containerize Legacy ApplicationsBack to the Future: Containerize Legacy Applications
Back to the Future: Containerize Legacy ApplicationsDocker, Inc.
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA Docker, Inc.
 
Modernizing .NET Apps
Modernizing .NET AppsModernizing .NET Apps
Modernizing .NET AppsDocker, Inc.
 
Becoming the Docker Champion: Bringing Docker Back to Work
Becoming the Docker Champion: Bringing Docker Back to WorkBecoming the Docker Champion: Bringing Docker Back to Work
Becoming the Docker Champion: Bringing Docker Back to WorkDocker, Inc.
 
Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0Anshul Patel
 
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOpsDevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOpsAmbassador Labs
 
Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Phil Estes
 
Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...All Things Open
 
Getting Started with Containers
Getting Started with ContainersGetting Started with Containers
Getting Started with ContainersScott Lowe
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxMichael Boelen
 
We Need to Talk: How Communication Helps Code
We Need to Talk: How Communication Helps CodeWe Need to Talk: How Communication Helps Code
We Need to Talk: How Communication Helps CodeDocker, Inc.
 
How Docker EE is Finnish Railway’s Ticket to App Modernization
How Docker EE is Finnish Railway’s Ticket to App ModernizationHow Docker EE is Finnish Railway’s Ticket to App Modernization
How Docker EE is Finnish Railway’s Ticket to App ModernizationDocker, Inc.
 
DockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for DevelopersDockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for DevelopersDocker, Inc.
 
Montreal Kubernetes Meetup: Developer-first workflows (for microservices) on ...
Montreal Kubernetes Meetup: Developer-first workflows (for microservices) on ...Montreal Kubernetes Meetup: Developer-first workflows (for microservices) on ...
Montreal Kubernetes Meetup: Developer-first workflows (for microservices) on ...Ambassador Labs
 
Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017Gianluca Arbezzano
 
Not my problem - Delegating responsibility to infrastructure
Not my problem - Delegating responsibility to infrastructureNot my problem - Delegating responsibility to infrastructure
Not my problem - Delegating responsibility to infrastructureYshay Yaacobi
 
Pubs first
Pubs firstPubs first
Pubs firstTowo Toivola
 

More Related Content

What's hot

Docker EE Deep Dive
Docker EE Deep DiveDocker EE Deep Dive
Docker EE Deep DiveDocker, Inc.
 
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinEmpower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinPhil Estes
 
DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller Docker, Inc.
 
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...Docker, Inc.
 
Back to the Future: Containerize Legacy Applications
Back to the Future: Containerize Legacy ApplicationsBack to the Future: Containerize Legacy Applications
Back to the Future: Containerize Legacy ApplicationsDocker, Inc.
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA Docker, Inc.
 
Modernizing .NET Apps
Modernizing .NET AppsModernizing .NET Apps
Modernizing .NET AppsDocker, Inc.
 
Becoming the Docker Champion: Bringing Docker Back to Work
Becoming the Docker Champion: Bringing Docker Back to WorkBecoming the Docker Champion: Bringing Docker Back to Work
Becoming the Docker Champion: Bringing Docker Back to WorkDocker, Inc.
 
Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0Anshul Patel
 
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOpsDevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOpsAmbassador Labs
 
Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Phil Estes
 
Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...All Things Open
 
Getting Started with Containers
Getting Started with ContainersGetting Started with Containers
Getting Started with ContainersScott Lowe
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxMichael Boelen
 
We Need to Talk: How Communication Helps Code
We Need to Talk: How Communication Helps CodeWe Need to Talk: How Communication Helps Code
We Need to Talk: How Communication Helps CodeDocker, Inc.
 
How Docker EE is Finnish Railway’s Ticket to App Modernization
How Docker EE is Finnish Railway’s Ticket to App ModernizationHow Docker EE is Finnish Railway’s Ticket to App Modernization
How Docker EE is Finnish Railway’s Ticket to App ModernizationDocker, Inc.
 
DockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for DevelopersDockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for DevelopersDocker, Inc.
 
Montreal Kubernetes Meetup: Developer-first workflows (for microservices) on ...
Montreal Kubernetes Meetup: Developer-first workflows (for microservices) on ...Montreal Kubernetes Meetup: Developer-first workflows (for microservices) on ...
Montreal Kubernetes Meetup: Developer-first workflows (for microservices) on ...Ambassador Labs
 
Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017Gianluca Arbezzano
 

What's hot (20)

Docker EE Deep Dive
Docker EE Deep DiveDocker EE Deep Dive
Docker EE Deep Dive
 
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinEmpower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
 
DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller
 
Orchestrating Linux Containers
Orchestrating Linux ContainersOrchestrating Linux Containers
Orchestrating Linux Containers
 
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...
 
Back to the Future: Containerize Legacy Applications
Back to the Future: Containerize Legacy ApplicationsBack to the Future: Containerize Legacy Applications
Back to the Future: Containerize Legacy Applications
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
 
Modernizing .NET Apps
Modernizing .NET AppsModernizing .NET Apps
Modernizing .NET Apps
 
Becoming the Docker Champion: Bringing Docker Back to Work
Becoming the Docker Champion: Bringing Docker Back to WorkBecoming the Docker Champion: Bringing Docker Back to Work
Becoming the Docker Champion: Bringing Docker Back to Work
 
Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0
 
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOpsDevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
 
Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016
 
Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...
 
Getting Started with Containers
Getting Started with ContainersGetting Started with Containers
Getting Started with Containers
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
 
We Need to Talk: How Communication Helps Code
We Need to Talk: How Communication Helps CodeWe Need to Talk: How Communication Helps Code
We Need to Talk: How Communication Helps Code
 
How Docker EE is Finnish Railway’s Ticket to App Modernization
How Docker EE is Finnish Railway’s Ticket to App ModernizationHow Docker EE is Finnish Railway’s Ticket to App Modernization
How Docker EE is Finnish Railway’s Ticket to App Modernization
 
DockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for DevelopersDockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for Developers
 
Montreal Kubernetes Meetup: Developer-first workflows (for microservices) on ...
Montreal Kubernetes Meetup: Developer-first workflows (for microservices) on ...Montreal Kubernetes Meetup: Developer-first workflows (for microservices) on ...
Montreal Kubernetes Meetup: Developer-first workflows (for microservices) on ...
 
Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017
 

Similar to Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Santiago Torres, NYU

Not my problem - Delegating responsibility to infrastructure
Not my problem - Delegating responsibility to infrastructureNot my problem - Delegating responsibility to infrastructure
Not my problem - Delegating responsibility to infrastructureYshay Yaacobi
 
IoT Security – It’s in the Stars! 16_9 v201605241355
IoT Security – It’s in the Stars! 16_9 v201605241355IoT Security – It’s in the Stars! 16_9 v201605241355
IoT Security – It’s in the Stars! 16_9 v201605241355AndrewRJamieson
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityLinaro
 
How to Manage the Risk of your Polyglot Environments
How to Manage the Risk of your Polyglot EnvironmentsHow to Manage the Risk of your Polyglot Environments
How to Manage the Risk of your Polyglot EnvironmentsDevOps.com
 
Security and Software Engineering BSides St. John's 2017
Security and Software Engineering BSides St. John's 2017Security and Software Engineering BSides St. John's 2017
Security and Software Engineering BSides St. John's 2017Peter Rawsthorne
 
Andrea Di Persio
Andrea Di PersioAndrea Di Persio
Andrea Di PersioCodeFest
 
JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...
JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...
JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...Daniel Bryant
 
Introduction to TM1 TurboIntegrator Debugger Webinar - Quebit Consulting
Introduction to TM1 TurboIntegrator Debugger Webinar - Quebit ConsultingIntroduction to TM1 TurboIntegrator Debugger Webinar - Quebit Consulting
Introduction to TM1 TurboIntegrator Debugger Webinar - Quebit ConsultingQueBIT Consulting
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrShovan Sargunam
 
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...Demi Ben-Ari
 
Workday "Creating an Effective Developer Experience on Kubernetes"
Workday "Creating an Effective Developer Experience on Kubernetes"Workday "Creating an Effective Developer Experience on Kubernetes"
Workday "Creating an Effective Developer Experience on Kubernetes"Daniel Bryant
 
Unit Tests? It is Very Simple and Easy!
Unit Tests? It is Very Simple and Easy!Unit Tests? It is Very Simple and Easy!
Unit Tests? It is Very Simple and Easy!Return on Intelligence
 
What to Expect When You're Expecting (to Own Production)
What to Expect When You're Expecting (to Own Production)What to Expect When You're Expecting (to Own Production)
What to Expect When You're Expecting (to Own Production)Michael Diamant
 
The (Memory) Safety Dance - SAS 2017 keynote
The (Memory) Safety Dance - SAS 2017 keynoteThe (Memory) Safety Dance - SAS 2017 keynote
The (Memory) Safety Dance - SAS 2017 keynoteMarkDowd13
 
OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...
OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...
OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...Andrew Phillips
 
How To Make Dev Ops Work @ Netlight Edge X Berlin
How To Make Dev Ops Work @ Netlight Edge X BerlinHow To Make Dev Ops Work @ Netlight Edge X Berlin
How To Make Dev Ops Work @ Netlight Edge X BerlinFerdinand von den Eichen
 
NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...
NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...
NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...VirtualTech Japan Inc.
 
Testing and DevOps Culture: Lessons Learned
Testing and DevOps Culture: Lessons LearnedTesting and DevOps Culture: Lessons Learned
Testing and DevOps Culture: Lessons LearnedLB Denker
 

Similar to Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Santiago Torres, NYU (20)

Not my problem - Delegating responsibility to infrastructure
Not my problem - Delegating responsibility to infrastructureNot my problem - Delegating responsibility to infrastructure
Not my problem - Delegating responsibility to infrastructure
 
Pubs first
Pubs firstPubs first
Pubs first
 
IoT Security – It’s in the Stars! 16_9 v201605241355
IoT Security – It’s in the Stars! 16_9 v201605241355IoT Security – It’s in the Stars! 16_9 v201605241355
IoT Security – It’s in the Stars! 16_9 v201605241355
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source security
 
How to Manage the Risk of your Polyglot Environments
How to Manage the Risk of your Polyglot EnvironmentsHow to Manage the Risk of your Polyglot Environments
How to Manage the Risk of your Polyglot Environments
 
Security and Software Engineering BSides St. John's 2017
Security and Software Engineering BSides St. John's 2017Security and Software Engineering BSides St. John's 2017
Security and Software Engineering BSides St. John's 2017
 
Andrea Di Persio
Andrea Di PersioAndrea Di Persio
Andrea Di Persio
 
JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...
JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...
JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...
 
Introduction to TM1 TurboIntegrator Debugger Webinar - Quebit Consulting
Introduction to TM1 TurboIntegrator Debugger Webinar - Quebit ConsultingIntroduction to TM1 TurboIntegrator Debugger Webinar - Quebit Consulting
Introduction to TM1 TurboIntegrator Debugger Webinar - Quebit Consulting
 
Security in open source projects
Security in open source projectsSecurity in open source projects
Security in open source projects
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT Zephyr
 
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...
 
Workday "Creating an Effective Developer Experience on Kubernetes"
Workday "Creating an Effective Developer Experience on Kubernetes"Workday "Creating an Effective Developer Experience on Kubernetes"
Workday "Creating an Effective Developer Experience on Kubernetes"
 
Unit Tests? It is Very Simple and Easy!
Unit Tests? It is Very Simple and Easy!Unit Tests? It is Very Simple and Easy!
Unit Tests? It is Very Simple and Easy!
 
What to Expect When You're Expecting (to Own Production)
What to Expect When You're Expecting (to Own Production)What to Expect When You're Expecting (to Own Production)
What to Expect When You're Expecting (to Own Production)
 
The (Memory) Safety Dance - SAS 2017 keynote
The (Memory) Safety Dance - SAS 2017 keynoteThe (Memory) Safety Dance - SAS 2017 keynote
The (Memory) Safety Dance - SAS 2017 keynote
 
OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...
OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...
OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...
 
How To Make Dev Ops Work @ Netlight Edge X Berlin
How To Make Dev Ops Work @ Netlight Edge X BerlinHow To Make Dev Ops Work @ Netlight Edge X Berlin
How To Make Dev Ops Work @ Netlight Edge X Berlin
 
NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...
NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...
NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...
 
Testing and DevOps Culture: Lessons Learned
Testing and DevOps Culture: Lessons LearnedTesting and DevOps Culture: Lessons Learned
Testing and DevOps Culture: Lessons Learned
 

More from Docker, Inc.

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Docker, Inc.
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSDocker, Inc.
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXDocker, Inc.
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeDocker, Inc.
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDocker, Inc.
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubDocker, Inc.
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices WorldDocker, Inc.
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...Docker, Inc.
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with DockerDocker, Inc.
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeDocker, Inc.
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryDocker, Inc.
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Docker, Inc.
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog ScaleDocker, Inc.
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels Docker, Inc.
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSDocker, Inc.
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...Docker, Inc.
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDocker, Inc.
 

More from Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker Build
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and Compose
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker Hub
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio Code
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container Registry
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Santiago Torres, NYU