Software Supply Chain: Threats and Strategies to Reduce Risk
The 2021 executive order on cybersecurity and recent high-profile incidents including SolarWinds and Log4Shell highlight the fact that an organization's software supply chain must not be overlooked by enterprise security teams. Supply chain risks have emerged in recent years in parallel with fundamental changes in how we develop and consume software.
Over the last decade or so, digital transformation and the need for fast time-to-market have driven new software development practices, including agile methodologies, DevOps processes, and the broad use of open source software. The rise of cloud, containers, and APIs has contributed to changes in how software is deployed and used.
With these dramatic changes and cultural shifts, security professionals face new challenges and difficult questions about securing their environments. The software bill of materials (SBOM) is an initiative that has garnered attention lately as a way to reduce supply chain risk, but how do SBOMs help, and where do they fall short?
Join this session to learn about threats to the modern software supply chain, government regulations that are gaining momentum, and steps you can take now and in the future to reduce the risk of falling victim.
Discussion topics will include:
- What is the software supply chain?
- How do adversaries look to exploit the supply chain? What are the biggest threats?
- Are there countermeasures to address supply chain risks?
- How can we implement security without slowing down our dev teams?
- How do we ensure - and prove - that our developers are not using vulnerable open source libraries?