Istio and Supply Chain Security

Apr-29 16:40 UTC

Language: English

Over the last decade, the use of open source by organizations has increased drastically and is considered as a catalyst for innovation.However, opensource is seen as inherently insecure due to various reasons such as insecure development practices, lack of required infrastructure and awareness. The Cloud Native ecosystem is one of the exemplary communities which could make a great impact on improving the security posture of open source software while allowing organisations to consume open source in a fast, secure & sustainable manner. This talk will highlight a few ongoing initiatives across cloud native projects for standardised generation of Software Bill Of Materials, and how the same procedure was applied to Istio by adopting SPDX standard using K8s bom. We will also discuss how these security standards can help ease the consumption of the opensource code by organisations, and the importance and the necessity of cross collaboration and pollination between projects.