October 25, 2022 | Detroit, Michigan

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2022 - Detroit, MI + Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Tuesday, October 25 • 11:00am - 11:30am
No Keys? No Problem: Why You Can Trust Sigstore Signatures - Asra Ali, Google; Joshua Lock, VMware & Fredrik Skogman, GitHub

Are you skeptical of how a free, transparent, and community operated code signing service can be secure? If “keyless” signing sounds too good to be true, then this is the talk for you! In this talk, we will describe what Sigstore’s public infrastructure must protect in order to deliver this visionary future of keyless signing for software supply chain security. Then, we will discuss how it achieves this using a trust root that follows Sigstore core principles for openness. And finally, for good measure, we will put a Sigstore client to the test with a demo that mimics a real-life compromise of the critical components!

Asra Ali

Senior Software Engineer, Google
Asra is a Software Engineer on the Google Open Source Security Team (GOSST), where she works on projects like Sigstore. She’s a maintainer of Sigstore’s Rekor and The Update Framework’s go-tuf implementation. In previous times, she worked on Envoy, fuzzing, and privacy-preserving...
Joshua Lock

Staff Open Source Engineer, VMware
Joshua is a Staff Open Source Engineer in VMware’s Open Source Program Office where he works on software supply chain security standards and tools. He is a steering committee member and maintainer for the Supply chain Levels for Software Artifacts (SLSA) project, an editor of The...
Fredrik Skogman

Staff Engineer, GitHub
Fredrik is a Staff Engineer on the Package Security Engineering team at GitHub, where he focuses on securing the software supply chain. He previously spent several years as the technical lead for Pingdom and the SolarWinds cloud platform, where he focused on scalable and secure architectures...

Tuesday October 25, 2022 11:00am - 11:30am EDT
Room 430 A