Loading…
EnvoyCon 2020 has ended
All talks are pre-recorded and will play as scheduled with live speaker Q+A following the presentation. Sessions will not be available on-demand in Hopin but will be uploaded to the CNCF YouTube channel by early November.
Back To Schedule
Thursday, October 15 • 11:30am - 12:00pm
Understanding, maintaining and securing Envoy's supply chain

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Envoy depends on over 60 external dependencies for its data and control plane functionality, as well as for its build, test and features such as observability. This talk will provide an overview of the third party dependencies that constitute the Envoy software supply chain. We will enumerate, categorize and describe the key dependencies, with a focus on security and how they relate to the Envoy threat model. The talk will cover how Envoy’s dependencies have been maintained, versioned and tested, how the Envoy community plans to evolve and increase confidence in the supply chain, as well as how organizations can apply strategies to minimize unnecessary dependencies.
Speakers
avatar for Michael Payne

Michael Payne

Executive Director, JPMorgan Chase
Michael Payne is an engineer at JPMorgan Chase where he leads the Kubernetes Architecture team. He works with the Envoy community particularly in the areas of dependency management and supply chain. His Envoy interests include new protocols (UDP, HTTP/3), load balancing and egress... Read More →
avatar for Harvey Tuch

Harvey Tuch

Software Engineer, Google
Harvey Tuch is a Staff Software Engineer at Google where he leads the Envoy Platform team. He is an Envoy senior maintainer and is a driver of the Universal Dataplane API (UDPA) initiative. His Envoy interests include xDS APIs, security, fuzzing and performance.

Understanding, maintaining and securing Envoy's supply chain pdf
Thursday October 15, 2020 11:30am - 12:00pm PDT
Virtual
  Envoy Internal Track