Securing the software supply chain with AWS and SUSE (SEC312)

Introduction

  • The presentation is focused on securing the software supply chain, given by Ted Jones, who has over 25 years of industry experience and recently joined SUSE.
  • The session aims to define the problem, discuss the consequences of not securing the software supply chain, and explore the components of the software supply chain.
  • The presentation will then dive into the solution, including the use of AWS and SUSE products and features, and discuss next steps and a call to action.

The Problem

  • Attacks on the software supply chain can lead to project delays, product release slips, compliance issues, revenue loss, and loss of customer trust.
  • These issues can result in significant costs, with IBM estimating around $5 million per incident.
  • Fines, legal expenses, and the impact of ransomware can further increase the costs.
  • The loss of talent and expertise due to these incidents can also be a significant challenge.

Components of the Software Supply Chain

  • The software supply chain for containers includes:
    • Developer committing code to source control
    • Use of third-party tools such as IDEs and AI coding assistants
    • CI/CD process to build, test, and push code to image repositories
    • Deployment to target environments

Potential Vulnerabilities

  • Vulnerabilities can be introduced through:
    • Proprietary and open-source code
    • Third-party open-source libraries with known vulnerabilities
    • Malware, phishing, and process hijacking
    • Application and infrastructure misconfiguration

Security Models

  • The CIA Triad (Confidentiality, Integrity, Availability) has been the longstanding security model.
  • The DIE Triad (Distributed, Immutable, Ephemeral), proposed by Sounil Yu, is a more recent model aimed at distributed systems, containers, and cloud environments: instead of hardening long-lived assets, workloads are spread across nodes, never modified in place, and short-lived, so a compromised instance can simply be discarded and rebuilt.

SUSE Solutions

  • SUSE Rancher Prime is built to SLSA Level 3, providing a secure container platform with features like:
    • An SBOM (Software Bill of Materials) published for each build
    • User management and integration with LDAP/AD
  • SUSE Application Collection provides curated and patched open-source libraries for enterprise-grade applications.
  • SUSE Observability, which came from SUSE's acquisition of StackState, provides security and compliance monitoring.
  • Kubewarden is an admission controller and policy engine that can be integrated with AWS CodePipeline.
  • SUSE Security provides admission control, compliance scanning, and behavior-based zero-trust policies.
  • SUSE Private Container Image Repository, based on the Harbor community project, provides a trusted and managed image repository.
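The per-build SBOM above is only useful if something in the pipeline consumes it; the "third-party libraries with known vulnerabilities" risk listed under Potential Vulnerabilities is exactly what such a check catches. The following is an added example, not code from the session or from any SUSE product: it parses a CycloneDX SBOM, matches each component's package URL (purl) against a small advisory list, and returns a go/no-go decision a CI stage could act on. The SBOM and advisory list are constructed for the example (the CVE identifiers and fixed versions are real, but a production check would pull advisories from a feed such as OSV or a scanner database), and the version comparison is a simplified one that ignores ecosystem-specific ordering rules.

```python
"""Gate a container build on its CycloneDX SBOM (added example, not SUSE code).

Assumptions: CycloneDX JSON with `components[].purl`; advisories keyed by
purl type + package path with a single `fixed_in` version. The advisory list
below is a constructed subset, not a live feed.
"""
import json
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    id: str          # e.g. a CVE identifier
    ecosystem: str   # purl type: pypi, maven, npm, ...
    package: str     # namespace/name exactly as it appears in the purl
    fixed_in: str    # first version that is not affected


# Constructed advisory subset (real CVEs, real fixed versions).
ADVISORIES = [
    Advisory("CVE-2021-44228", "maven", "org.apache.logging.log4j/log4j-core", "2.15.0"),
    Advisory("CVE-2023-32681", "pypi", "requests", "2.31.0"),
    Advisory("CVE-2021-23337", "npm", "lodash", "4.17.21"),
]

# Constructed sample SBOM, as a CI step (syft, cdxgen, ...) would attach to an image.
SAMPLE_SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "requests", "version": "2.25.1",
     "purl": "pkg:pypi/requests@2.25.1"},
    {"type": "library", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "name": "lodash", "version": "4.17.21",
     "purl": "pkg:npm/lodash@4.17.21"}
  ]
}
"""


def version_key(version: str) -> tuple:
    """Simplified comparison key: numeric prefix of each dot-separated part.
    Good enough for the demo; real tools use per-ecosystem version semantics."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def parse_purl(purl: str) -> tuple:
    """Split pkg:type/namespace/name@version?qualifiers#subpath into (type, path, version)."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl}")
    body = purl[len("pkg:"):].split("?", 1)[0].split("#", 1)[0]
    version = None
    if "@" in body:
        body, version = body.rsplit("@", 1)
    ptype, _, path = body.partition("/")
    return ptype, path, version


def scan_sbom(sbom_json: str, advisories=ADVISORIES) -> list:
    """Return (component, version, advisory id, fixed_in) for every known-vulnerable component."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX SBOM")
    findings = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue  # unidentified component; handled by the strict gate below
        ptype, path, version = parse_purl(purl)
        if version is None:
            continue
        for adv in advisories:
            if (adv.ecosystem, adv.package) == (ptype, path) and \
                    version_key(version) < version_key(adv.fixed_in):
                findings.append((comp.get("name", path), version, adv.id, adv.fixed_in))
    return findings


def gate(sbom_json: str, fail_on_unidentified: bool = True) -> bool:
    """True if the image may be pushed to the registry / deployed.
    Strict mode also refuses components without a purl, since they cannot be matched."""
    if scan_sbom(sbom_json):
        return False
    if fail_on_unidentified:
        comps = json.loads(sbom_json).get("components", [])
        if any(not c.get("purl") for c in comps):
            return False
    return True


if __name__ == "__main__":
    for name, ver, adv, fixed in scan_sbom(SAMPLE_SBOM_JSON):
        print(f"BLOCK: {name} {ver} affected by {adv}, fixed in {fixed}")
    print("gate:", "pass" if gate(SAMPLE_SBOM_JSON) else "fail")
```

Run against the sample SBOM, the gate fails on the requests and log4j-core components while lodash 4.17.21 passes; wiring `gate()` into the CI stage between "build" and "push to image repository" is where it stops vulnerable images from ever reaching the registry.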

SUSE Open-Source Ecosystem

  • SUSE is committed to open-source and provides various products based on open-source projects:
    • SUSE Security (NeuVector and Kubewarden)
    • SUSE Observability (StackState)
    • SUSE Rancher Prime (Rancher, SUSE Security, SUSE Observability)
    • SUSE Virtualization (Harvester based on KubeVirt)
    • SUSE Storage (Longhorn)

Next Steps and Call to Action

  • Visit the SUSE booth at re:Invent (booth 1858) to:
    • Try the SUSE Observability free trial and enter a raffle for a Meta Quest 3 headset
    • See demos of SUSE Rancher, SUSE Security, and SUSE Observability
    • Provide feedback and get your questions answered
  • Check out the SUSE.com landing page for AWS and the blog post by the presenter.
  • Fill out the survey to provide feedback.
