The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in British Summer Time (BST) (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.
in-toto is a framework that allows users to protect their software supply chain. The framework achieves this by providing two key capabilities: cryptographically attesting steps along the supply chain and enforcing policies that govern the relationships between the attestations.
This talk aims to introduce new users to in-toto and provide a brief overview of the progress made by all the subprojects and working groups.
I am a professor at NYU who has been working on software supply chain security for more than 20 years. I am a maintainer / creator of the TUF, Uptane, and in-toto projects, which are all under the LF.
Alan is passionate about open software and has contributed to software supply chain security projects such as in-toto and sigstore. He is a software engineer at Keytos and graduated from Purdue University with a degree in Computer Engineering.
