Tuesday, August 8th, 2023

Software Supply Chain Security Gaps in Your Application Security Program

6:00 - 8:30pm PDT | Las Vegas, NV

Event Overview

The open-source ecosystem is the lifeblood and starting point of every software supply chain. Packages are downloaded hundreds of thousands of times a day and used in all types of software around the globe. As threat actors increasingly execute more attacks via the open-source software ecosystem, clear gaps have emerged in modern application security. 

While most organizations are focused on threats from critical vulnerabilities, attackers have moved on to new, more effective tactics that directly target developers. Even with tools like software composition analysis (SCA), security analytics, endpoint protections and private repositories in place, developers can still easily install open-source packages with malicious code that triggers on install to steal secrets, and install backdoors. Developers are responsible for innovation, have the AWS, SSH and GPG keys, often the signing keys, and unfettered access to build infrastructure and source code version control systems. This makes them the new high-value targets, and the open-source ecosystem is the new permitter. 

DISCUSSION POINTS

  • How bad actors are using the open-source ecosystem to launch software supply chain attacks
  • The gaps in your application security program
  • How to address these gaps, protect developers and block attacks

Moderator

Tom Field

SVP, Editorial

ISMG

Pete Morgan

Co-Founder and CSO

Phylum

Speakers

Join Pete Morgan, Co-Founder and CSO at event sponsor Phylum, to gain his unique insight into the emerging gaps in modern application security and take key takeaways of how to put these findings to work to strengthen your own enterprise’s defense.

This session will be:

  • Chatham house rules
  • Peer driven
  • Pitch free

Exclusive Sneak Peek: Get a Preview of this Upcoming Roundtable!

Venue

Smith & Wollensky - Las Vegas

The Grand Canal Shoppes, 3377 S, Las Vegas Blvd, NV 89109

Underwritten by

Phylum is a security-as-code platform that gives security and risk teams more visibility into the code development lifecycle, and the ability to enforce security policy without disrupting innovation. Phylum analyzes open-source software packages as they are published and contextualizes the risks, protecting developers and applications at the perimeter of the open-source ecosystem and the tools used to build source code. The platform can be deployed on endpoints or plug directly into CI/CD pipelines so organizations experience seamless, always-on defense at the earliest stages of a build.

Rules of Engagement

By taking part in this discussion you agree that:

  • These events follow Chatham House Rule. Nothing shared will be recorded or distributed anywhere online.
  • If for any reason you need to cancel your reservation, we ask you to let us know 48 hours prior to the event commencing so we can open your seat up to someone else.
  • These are interactive discussions, so we ask that all attendees participate in the discussion. If this is a virtual event, we ask all attendees to join via video.

Upcoming ISMG Events

November 7, 2024

Cybersecurity Summit NY: Financial Services Hosted by BankInfoSecurity

November 7, 2024

Elevating SecOps Excellence with AI and Automation

November 14, 2024

Transformez vos Opérations avec l'IA Générative Avancée d'Elastic et Google Cloud Paris

December 5, 2024

Virtual IoT/OT Summit

February 11-12, 2025

Virtual Summit: Cybersecurity Implications of AI

Upcoming ISMG Events

November 7, 2024

Cybersecurity Summit NY: Financial Services Hosted by BankInfoSecurity

November 7, 2024

Elevating SecOps Excellence with AI and Automation

November 14, 2024

Transformez vos Opérations avec l'IA Générative Avancée d'Elastic et Google Cloud Paris