Language Platforms and Software Supply Chain

As computing evolved, targeting specific hardware and architectures became impractical, leading to the development of language platforms and runtimes such as Java’s JVM and Microsoft’s CLR. Today, we write code for various environments, including IoT devices, Kubernetes sidecars, service meshes and the kernel. As a result, modern language platforms need to be portable, lightweight, and secure. This session delves into the latest developments in language platforms, enabling developers to write code using a growing range of languages across an expanding array of platforms.

From a security perspective, the supply chain we use to build and deploy our software has become just as important as the platform it runs on. We’ve recently witnessed numerous high-profile attacks targeting the supply chain, resulting in much greater attention on this challenge. This particular branch of security is interesting because there are many components in a typical software supply chain, which means security solutions and risk mitigations require a multifaceted approach. In this session we’ll dive into secure software supply chain architectures, learn about tools that can help mitigate common risks, and explore the current landscape of available solutions.


From this track

Session WebAssembly

Wasm: What is Universal Compute Good For?

Tuesday Jun 13 / 10:35AM EDT

WebAssembly represents the future of portable computing, providing an efficient and secure runtime for many languages. In the last year there has been an explosion of growth in Wasm on the backend, from managed platforms, tooling, and further standardization work around WASI.

Sean Isom

Senior Engineer @Adobe

Session Security

Sigstore: Secure and Scalable Infrastructure for Signing and Verifying Software

Tuesday Jun 13 / 11:50AM EDT

Sigstore is an open-source project that aims to provide a transparent and secure way to sign and verify software artifacts.

Billy Lynch

Staff Software Engineer @Chainguard

Zack Newman

Research Scientist @Chainguard

Session WebAssembly

Build Features Faster With WebAssembly Components

Tuesday Jun 13 / 01:40PM EDT

Wasm modules revolutionized portable application code. For the first time, they allowed us to write in a high-level language - like Go or Rust - and then target WebAssembly as the platform-agnostic bytecode.

Bailey Hayes

Director @Cosmonic

Session jvm

Virtual Threads for Lightweight Concurrency and Other JVM Enhancements

Tuesday Jun 13 / 02:55PM EDT

Concurrent applications, those serving multiple independent application actions simultaneously, are the bread and butter of server-side programming. The thread has long been software’s primary unit of concurrency, and has also served as a core construct for observability and debugging, but i

Ron Pressler

Technical Lead OpenJDK's Project Loom @Oracle

Session Software Supply Chain Security

Achieving SLSA Certification with a “Bring-Your-Own-Builder” Framework

Tuesday Jun 13 / 04:10PM EDT

Supply-chain Levels for Software Artifacts, or SLSA (pronounced “salsa”), is a security framework to reason about and improve the integrity of released artifacts. With the recent release of SLSA version 1.0, SLSA is seeing increased adoption, both from industry and open source projects.

Asra Ali

Software Engineer @Google

Session Software Supply Chain Security

Securing the Software Supply Chain: How in-toto and TUF Work Together to Combat Supply Chain Attacks

Tuesday Jun 13 / 05:25PM EDT

Software supply chain attacks have seen a 742% increase in the last three years. in-toto is a battle-tested and broadly deployed CNCF incubated project that counters these threats.

Marina Moore

PhD Candidate @NYU & Tech Lead for CNCF's TAG Security

Date

Tuesday Jun 13 / 10:35AM EDT


Track Host

Priya Wadhwa

Software Engineer @Chainguard

Priya Wadhwa is a software engineer at Chainguard, where she works on a variety of open source projects with the goal of improving software supply chain security. She is a member of the Sigstore Technical Steering Committee and a maintainer of the Tekton Chains project. She's passionate about making security easy and available for everyone.


Track Host

Colin Eberhardt

CTO @Scott_Logic

Colin is the CTO at Scott Logic, a UK-based software consultancy where they create complex applications for their financial services clients. He's an avid technology enthusiast, spending his evenings contributing to open source projects, writing blog posts and learning as much as he can. You can find him online @ColinEberhardt.
