ControlPlane Sponsors PhD of in-toto Author Santiago Torres
ControlPlane, the open source and cloud native security consultancy, is proud to announce its sponsorship of the PhD work of in-toto author Santiago Torres on software supply chain security. This collaboration underscores ControlPlane’s dedication to enhancing open-source development and security research.
Our collaboration with Santiago Torres encompasses several noteworthy projects, reflecting ControlPlane’s commitment to supporting open source by integrating in-toto into critical infrastructure. The integration of in-toto into the News UK pipeline, the Kubesec static analyser, and support for the Jenkins in-toto plugins, showcases ControlPlane’s expertise in implementing robust security measures.
One of the key achievements worth highlighting is the successful integration of in-toto into the News UK pipeline. By leveraging in-toto’s capabilities, ControlPlane has reinforced News UK’s security posture, ensuring the integrity and authenticity of their software supply chain.
Another milestone is the addition of in-toto support to Kubesec. This integration enhances security for Kubernetes applications through in-toto’s verification capabilities, facilitating secure and reliable application deployment in Kubernetes environments, and is detailed in the paper in-toto: Providing farm-to-table guarantees for bits and bytes.
ControlPlane’s commitment to generalising software supply chain security extends through their efforts in updating the Jenkins in-toto plugins. By embracing the latest developments in the open source in-toto-java project and supporting the Grafeas transport, ControlPlane reinforces the security of Jenkins-based workflows and deployments.
Andrew Martin, CEO of ControlPlane, expressed pride in sponsoring Santiago Torres’ work, stating, “We are honored to support Santiago’s efforts in advancing software supply chain security. ControlPlane remains devoted to backing the open source community and driving innovation in cloud native security.”
ControlPlane’s collaboration with NYU-SSL and the financial support provided to Santiago Torres represent their ongoing dedication to fostering research and development in security. By supporting Santiago’s PhD work, ControlPlane is actively contributing to the advancement of software supply chain security and open source initiatives.
2019 update: The in-toto project was sponsored into the CNCF.