Linking Up The Pieces: Software Supply Chain Security at Google and Beyond

Topics covered:

• What is software supply chain security and how is it different from other kinds of supply chain security?
• What types of organizations need to care about it? Is supply chain security a concern for large, elite enterprises only?
• What’s the relationship between what we’re doing here, and what SBOM is?
• Can you talk us through a quick threat assessment of a supply chain security issue? What are the realistic threats here and who are the threat actors involved?
• How does Google try to solve these problems internally? Have we succeeded?
• How does this translate into our products? By the way, what’s SLSA?