From Integrity to Trust: Rethinking Software Supply Chain Security

This presentation explains why software supply chain security must evolve beyond hashes, code signing, SBOMs, and compliance artifacts toward continuous, evidence-based trust. The slides cover where supply chain risks enter the SDLC, why integrity alone does not prove software is trustworthy, and how correlated trust signals—such as SBOMs, testing, vulnerabilities, provenance, and attestations—can support real operational decisions like deployment, blocking, runtime enforcement, and monitoring.

Complete the form to access the document
By submitting this form, you confirm your agreement to our Privacy Policy and agree that we may contact you in a manner as described in our Privacy Policy.
Chat