Featured
How Conda Signature Verification Secures Your Software Pipeline from the Start
Sebastien Awwad, Senior Security Engineer, Anaconda
Recent events have highlighted the importance of software supply chain trustworthiness and security.
In this session, we discuss the content trust features in conda and the Anaconda Professional Repository. We’ll describe the design of conda's package signature verification functionality and its trust architecture, and identify the threats they protect against. Finally, we’ll highlight what’s next for Anaconda content trust as we continue to work to better secure the conda package ecosystem.
All episodes
- Know Your Enemy: Vulnerability Data And What To Do With It
Hassam Mian, Lead Sales Engineer, Anaconda - Christian Capdeville, Director, Product Marketing, Anaconda
Enterprise use of open-source software (OSS) has seen continued growth in recent years, powering rapid innovation and solution development. Unfortunately, as OSS use has increased, so too have software supply chain attacks. In the battle against software supply chain risk, common vulnerabilities and exposures (CVEs) serve as critical tools. In this session, we'll dive into CVEs and how to handle them. Questions we'll cover include:
Where does CVE data come from?
What goes into a CVE score?
What are the benefits and limitations of public CVE data?
How can enterprises use CVEs to secure their OSS pipelines?
- Securing Your AI/ML & Data Science Supply Chain
Frank Yang, Principal Solutions Architect, Anaconda
As the adoption of artificial intelligence, machine learning, and data science (AI/ML/DS) continues to grow, the importance of open source security has never been more critical.
Today, upwards of 95% of enterprises rely on open source for rapid innovation, making them attractive targets for threat actors who may attempt to compromise popular packages or distribute malicious ones.
Join Anaconda’s Principal Solutions Architect, Frank Yang, to learn how to secure your open source supply chain. This session will:
Delve into the challenges and risks associated with open source
Demystify software supply chain security
Share best practices for mitigating open source risks
You will gain key insights on how to assess and secure your software supply chain and leverage open source innovations safely in your enterprise.
- How to Secure Your Python Open-Source Supply Chain from Hidden Threats
Rongliang (Leon) Zhou, Principal Product Manager, Anaconda
The innovation, community, and agility of open source software are unmatched, but Python ecosystems are not without risk. Security vulnerabilities are a reality in open-source code just as they are with proprietary software. It's a high-stakes game that depends on the robustness of your supply chain security. Scanning for security vulnerabilities is not enough; you must trust where your open-source software packages, libraries, and databases originate. We’re here to help.
In this webinar, you will learn:
Where, why, and how security issues might creep into your Python and R open-source ecosystem
How a single compromised open-source component can lead to a cascade of security breaches
Key steps for securing your open-source supply chain and a roadmap of risks you can reference with your teams to build security awareness