Time for the May edition of Prata CRA och NIS2 med oss (Talk CRA and NIS2 with us)!
Software Supply Chain Security
This month in our monthly series of lunch seminars we’ll focus on Software Supply Chain Security with two students from the CHAINS project at KTH in Stockholm. The seminar will be held in English and will have two parts:
Can reproducible builds strengthen the software supply chain?
The threat landscape for software today extends beyond the logic of the source code, encompassing vulnerabilities from external sources such as third-party libraries, build processes and distribution pipelines. Ensuring the integrity of software is crucial, yet the complex nature of software supply chains complicates this task. Build reproducibility strengthens the software supply chain by ensuring that the same source code always compiles into the same binary, enabling bit-for-bit verification of artifacts. However, achieving reproducibility faces challenges. In this talk, we will discuss how reproducible builds can be leveraged to increase software integrity, what the current challenges are, and insights from my experience of achieving reproducible builds for Go Ethereum.
Speaker: Vivi Andersson, Master's student in the CHAINS Software Engineering Research Group at KTH. https://www.linkedin.com/in/viviandersson
The container challenge
How do we ensure security in containerised environments?
Containers have become integral components of modern software development and deployment, offering flexibility, scalability, and efficiency. However, ensuring the security of containerized environments remains a significant challenge due to the dynamic nature of container ecosystems and the evolving threat landscape. This presentation focuses on the generation of Vulnerability Exploitability Exchange (VEX) reports tailored specifically for containers. The VEX framework provides a standardized approach to assess and communicate the severity of vulnerabilities in containerized environments. By evaluating both the technical details of vulnerabilities and their potential exploitability, VEX reports offer valuable insights into existing vulnerabilities in container images and deployments. Overall, this presentation discusses existing challenges in VEX report production for container images, their effectiveness for a container security strategy, existing gaps and uncertainties in the vulnerability mapping process, and possible future work in this field.
Speaker: Yekatierina Churakova, PhD Student, KTH Royal Institute of Technology.
The session hosts, Per-Erik Eriksson and Olle E. Johansson, will as usual moderate the session and lead the question-and-answer part together with our speakers.
The session will be conducted in English and will be recorded for future publication on YouTube.
You are welcome to register!
We look forward to your registration!
Register here