Dan Lorenc, co-founder and CEO of Chainguard, joins host Priyanka Raghavan to explore Sigstore and its role in securing the software supply chain. They unpack the challenges of supply chain security, including verifying the origin and integrity of software artifacts, and explain the problems Sigstore is designed to solve. The conversation goes under the hood to examine how Sigstore works, covering key components such as code signing, verification, the certificate authority model, and transparency logs—often compared conceptually to blockchain for their auditability. The episode also highlights real-world adoption, community resources for getting started, and closes with a discussion of Chainguard Images and how development teams can use them to build with more secure base images.
Brought to you by IEEE Computer Society and IEEE Software magazine.
This episode is sponsored by IEEE Computer Society
Show Notes
Related Episodes
- SE Radio 541: Jordan Harband and Donald Fischer on Securing the Supply Chain
- SE Radio 606: Charlie Jones on Third-Party Software Supply Chain Risks
- SE Radio 535: Dan Lorenc on Supply Chain Attacks
- SE Radio 658: Tanya Janca on Secure Coding
- SE Radio 642: Simon Wijckmans on Third-Party Browser Script Security
