Unlocking zero trust supply chains | Technically Speaking
How do we secure the software supply chain? A zero trust security approach could help. Red Hat software engineer and Sigstore project founder Luke Hinds joins Red Hat CTO Chris Wright to discuss zero trust and supply chain security with code signing for open source projects.

Why do you need to adopt cryptographic signing for different components of the software development process? When pushing code or installing a runtime, we can't just say "My voice is my passport. Verify me." And if you don't really know where or how all the software in your pipeline was built, it can make you vulnerable to supply chain attacks, but Sigstore aims to improve software supply chain integrity and solve this issue while making it easy for developers to sign releases and for users to verify them.

Tune in to learn more and be sure to subscribe for more Technically Speaking.

Learn More:
https://github.com/sigstore
https://www.wired.com/story/sigstore-open-source-supply-chain-code-signing/

Follow us:
Chris Wright https://twitter.com/kernelcdub
Luke Hinds https://twitter.com/decodebytes
Sigstore https://twitter.com/projectsigstore

What is Technically Speaking?
Technically Speaking features captivating conversations between Chris Wright and a rotating cast of experts and industry leaders around what's on the horizon for technology. Want to participate? Leave us a comment if there's a topic or a guest you'd like to see featured.

Watch More Technically Speaking: https://www.redhat.com/en/technically-speaking?sc_cid=7013a000002qR4EAAU
Subscribe to Red Hat's YouTube channel: https://www.youtube.com/redhat/?sub_confirmation=1

#RedHat #DevSecOps #OpenShift