Awesome Conferences

April NYC DevOps Meetup: Building a tamper-evident CI/CD system

The April nycdevops Meetup is Thursday, April 18. Doors open at 6:30pm!

https://www.meetup.com/nycdevops/events/260294692/

NOTE: The meetings are now on THURSDAY.

  • Title: How to build a tamper-evident CI/CD system
  • Speaker: Trishank Karthik Kuppusamy, Datadog, Inc

TALK DESCRIPTION: CI/CD is critical to any DevOps operation today, but when attackers compromise it, they get to distribute malicious software to millions of unsuspecting users. We present how Datadog used TUF and in-toto to develop, to the best of our knowledge, the industry's first end-to-end verified pipeline that automatically builds integrations for the Datadog agent. That is, even if this pipeline is compromised, users should not be able to install malware. We will show a demonstration of our pipeline in production being used to protect users of the Datadog agent, and describe how you can use TUF + in-toto secure your own pipeline.

SPEAKER BIO: Trishank Karthik Kuppusamy is a security engineer at Datadog, Inc. Previously, he led the research and development of The Update Framework (TUF) and Uptane at the NYU Tandon School of Engineering. He is also a member of the IEEE-ISTO Uptane standardization alliance, and an Editor of in-toto Enhancements.

Space is limited. Please RSVP soon!

Posted by Tom Limoncelli in NYCDevOps Meetup

No TrackBacks

TrackBack URL: https://everythingsysadmin.com/cgi-bin/mt-tb.cgi/2165

Leave a comment

Credits