The industry is witnessing new attacks against the software supply chain and specifically the open-source eco-system which becomes an intrusion point for attackers to gain control over an organization's critical assets.

This is possible because the modern digital business increasingly relies on technology partnerships, leveraging third-party applications and data to deliver new functionality and optimized user experiences to market, often resulting in mishaps.

Security leaders have the daunting task of establishing accountability for checking the malicious code in their supply chain. Can you establish a methodology for a secure and transparent coding process? Can you assess and manage risks and vulnerabilities at the source code level? Do you have a robust security architecture to respond to software or open-source supply chain threats?

Discussion topics will include:

• From an AppSec perspective, what is the difference between malicious code and vulnerable code?
• How to establish a secure coding process without malicious intent and compromised source control system?
• How to adopt a “shift everywhere” strategy in taking a security-by-design approach through automation?
• Establishing a framework for faster detection and remediation of supply chain attacks;
• Streamlining the software bill of materials process with continuous monitoring and visibility into the overall system.