From Integrity to Trust: Rethinking Software Supply Chain Security
Presenters
Abstract
Modern software supply chains increasingly require demonstrable security, transparency, and trust. Traditional integrity checks and image signing alone are no longer sufficient to meet evolving regulatory, compliance, and operational expectations. Software trust must instead be grounded in verifiable evidence and independent attestation.
This session examines the regulatory and industry drivers behind this shift and explores how software trust can be assessed beyond static artifacts, including SBOMs, lifecycle security testing, vulnerability analysis, evidence‑based attestations, provenance, and trust validation at deployment and runtime.