How Conda Signature Verification Secures Your Software Pipeline from the Start

Logo
Presented by

Sebastien Awwad, Senior Security Engineer, Anaconda

About this talk

Recent events have highlighted the importance of software supply chain trustworthiness and security. In this session, we discuss the content trust features in conda and the Anaconda Professional Repository. We’ll describe the design of conda's package signature verification functionality and its trust architecture, and identify the threats they protect against. Finally, we’ll highlight what’s next for Anaconda content trust as we continue to work to better secure the conda package ecosystem.

Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (17)
Subscribers (2535)
With more than 35 million users, Anaconda is the world’s most popular data science platform and the foundation of modern machine learning. We pioneered the use of Python for data science, champion its vibrant community, and continue to steward open-source projects that make tomorrow’s innovations possible. Our enterprise-grade solutions enable corporate, research, and academic institutions around the world to harness the power of open-source for competitive advantage, groundbreaking research, and a better world.