Cloud Native Security Day Europe 2020

There are aspects of Cloud Native security:
- talks about protecting the runtime
- talks focusing on writing secure code

In this talk I take a different focus: there are many trusts we take for granted while building software. From CA authorities on your laptop to Saas solutions:

- How to verify trust of your dependencies: from metadata , binaries and repositories
- How to provide trust to others that build upon your software
- How this ties into the concept of “reproducible builds”
- How the concepts of the “The Update Framework” (TUF) relate
- How this ties into trusting Saas solutions/Serviceless & Servicefull

Obviously not trust without verification, so I will explain these topics using practical examples from the Nodejs and Docker ecosystems. Let’s take ownership of your trust , we are already responsible when things go wrong anyway.

Note: the slides added to this submission will be fine tuned for a Cloud Native Audience. Trust me :)