Zack Newman is a research scientist at Chainguard, where he builds software to make the software supply chain secure by default. After 4 years as a software engineer and tech lead on Google Cloud SDK, Zack moved to MIT CSAIL to research authenticated data structures and Tor network performance. Now at Chainguard, he’s pursuing his passions for developer tooling, supply chain security, and applied cryptography.
In this fireside chat, Zack joins Hugo Bowne-Anderson, Outerbounds’ Head of Developer Relations, to discuss the intersection of ML systems and supply chain security, and in particular the idea that good ML infrastructure is itself good ML supply chain security. They’ll discuss how you can secure the machine learning supply chain without sacrificing velocity, how this applies to both software supply chain security and data/ML infrastructure, and what OSS tools (and products) are currently available in the space.
After attending, you’ll have an understanding of:
– How reproducibility in data science is better for science, business, and security;
– How to navigate the tension between cutting-edge technology and careful dependency management;
– How you can secure the machine learning supply chain without sacrificing velocity;
– How ML model provenance and distribution (think HuggingFace, LLMs, and more) are essential to reasoning through ML software security;
– What MLOps can learn from recent developments in DevOps for non-ML workloads;
– Why your models need an “ingredients list” and how to safely build on external models, such as those from HuggingFace;
– Tools you can use to get started today!
The fireside chat will be followed by an AMA with Zack and Hugo at slack.outerbounds.co.
00:00 Prelude
04:20 The fireside chat begins!
11:23 Secure by default?
15:19 What does “Supply Chain Security in Software” mean?
22:18 How about “Supply Chain Security in ML”? What changes here?
26:45 Supply Chain threats to LLMs via poisoning
28:55 How can you secure the machine learning supply chain without sacrificing velocity?
36:04 How can data scientists and MLEs navigate the tension between cutting-edge technology and careful dependency management?
43:51 Security issues with Docker and containerization alternatives
51:15 LLMs, model provenance, and ML security concerns
54:33 What type of “ingredients list” do your models need and how can you safely build on external models, such as those from HuggingFace?