EP66 Is This Binary Legit? How Google Uses Binary Authorization and Code Provenance


Manage episode 329434926 series 2892548
โดย Anton Chuvakin และถูกค้นพบโดย Player FM และชุมชนของเรา -- ลิขสิทธิ์นี้เป็นของผู้เผยแพร่ ไม่ใช่ Player FM โดยมีการสตรีมเสียงโดยตรงจากเซิร์ฟเวอร์ผู้เผยแพร่ กดปุ่มติดตามเพื่อติดตามการอัพเดทใน Player FM หรือวาง URL ฟีดนี้ไปยังแอพพอดคาสท์อื่น


  • Sandra Guo, Product Manager in Security, Google Cloud


  • We have a really interesting problem here: if we make great investments in our use of trusted repositories, and great investments in doing code review on every change, and securing our build systems, and having reproducible builds, how do we know that all of what we did upstream is actually what gets deployed to production?
  • What are the realistic threats that Binary Authorization handles? Are there specific organizations that are more at risk from those?
  • What’s the Google inspiration for this work, both development and adoption?
  • How do we make this work in practice at a real organization that is not Google?
  • Where do you see organizations “getting it wrong” and where do you see organizations “getting it right”?
  • We’ve had a lot of conversations about rolling out zero-trust for enterprise applications, how do those lessons (start small, be visible, plan plan plan) translate into deploying Binauthz into blocking mode?


80 ตอน