December 5-6, 2022
Yokohama, Japan + Virtual

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Japan 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Monday, December 5 • 11:50 - 12:30
Securing Your Supply Chain by Building with FRSCA - Michael Lieberman, Kusari

FRSCA (pronounced Fresca) is an OpenSSF project (https://github.com/buildsec/frsca) that secures the software supply chain by helping secure the build pipeline. FRSCA is an implementation of the CNCF's Secure Software Factory Reference Architecture. FRSCA is both a suite of build, signing, identity, and other tools as well as a set of abstractions intended to make secure build pipelines simple and straightforward to create. It follows common security standards and frameworks like SLSA (https://slsa.dev) and NIST's SSDF. It also makes it easy to generate attested metadata like software bill of materials (SBOM) and SLSA attestations.

In this talk, Michael will explore how the Secure Software Factory Reference Architecture was designed to protect against supply chain compromise coming from your build pipeline. He will show some common supply chain attacks, and how they can be used to compromise downstream software you build, distribute, and operate. Afterwards he will show how you can use FRSCA to prevent, react to, and audit these attacks.


Michael Lieberman

CTO, Kusari
Michael Lieberman is an engineer and architect focused on technology transformation, especially with regard to cloud native architectures, technologies and migrations. His passion is in applying his expertise to use cases where privacy and security are paramount. Most recently he...


Monday December 5, 2022 11:50 - 12:30 JST