![CERIAS Weekly Security Seminar - Purdue University show](https://d3dthqtvwic6y7.cloudfront.net/podcast-covers/000/043/797/small/cerias-security-seminar-podcast.jpg)
Summary: The software development process, or software supply chain, is quite complex and involves a number of independent actors. This ever-growing complexity has led to various software supply chain compromises: from XCodeGhost injecting malware into millions of apps, to the highly publicized SolarWinds compromise. In this talk, Santiago will introduce various research challenges, as well as attempts from both open source and industry (such as SigStore, CoSign and in-toto) to protect millions of users across the globe.