Santiago is the team lead of in-toto, a framework to secure the software development life cycle, as well as PolyPasswordHasher, a password storage mechanism that’s incredibly resilient to offline password cracking. The CNCF Technical Oversight Committee (TOC) has voted to accept in-toto as a CNCF incubating project. in-toto is a framework that protects the software supply chain by collecting and verifying relevant data. It does so by enabling libraries to collect information about software supply chain actions and allowing software consumers and project managers to publish policies about software supply chain practices that can be verified before deploying or installing software.
Want more TSTV interviews? Click here.