Sigstore (Project Rekor)
Sigstore, formerly Project Rekor, is part of a new, experimental product to provide “software supply chain transparency” --- the ability for software producers to identify software components throughout different vendors, communities and sub-organizations. With this, high assurance software products are able to identify counterfeit software, decomission vulnerable code, and stop hackers trying to poison software delivery pipelines. Students will work in system building, security evaluation and deployment of test infrastructure.
Basic programming, some knowledge of Golang may be useful, but not required. Interest in software security
Spring 2022: TBA
Fall 2022: TBA