The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Japan 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in Japan Standard Time (UTC+9:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.
Sign up or log in to bookmark your favorites and sync them to your phone or calendar.
SBOMs (Software Bills of Material) are essential for improving visibility and security in the software supply chain. As open-source code drives modern development, organizations face growing security risks due to limited transparency in software dependencies. Attacks like SolarWinds (2020) and Kaseya (2021) highlight the urgent need for stronger software supply chain security. However, SBOMs are often inaccurate. This talk explores why these inaccuracies occur, how attackers exploit them, and how to address these issues. A key challenge is dependency management file analysis (e.g., cargo.toml for Rust), which struggles to track components effectively. Enter SBOMit, an OpenSSF sandbox project leveraging in-toto attestations to create cryptographically verifiable SBOMs. By capturing supply chain steps as they occur, SBOMit enhances accuracy, mitigates tampering risks, and strengthens security. This talk examines SBOMit’s role in improving SBOM reliability across the CNCF ecosystem.
I am a professor at NYU who has been working on software supply chain security for more than 20 years. I am a maintainer / creator of the TUF, Uptane, and in-toto projects, which are all under the LF.
Yuchen is currently a postdoctoral researcher with the Secure Systems Laboratory (SSL) at the Tandon School of Engineering, New York University. He obtained his Ph.D. from the Department of Computer Science at Stevens Institute of Technology. Prior to Stevens, he completed his undergraduate... Read More →
