Software Supply Chains: A Look into the Future
Widely exploited vulnerabilities such as the recent Log4j/Log4Shell flaw are a sign that open source software security practices are still evolving. Furthermore, the risk of mismanaging, or worse, ignoring, open source vulnerabilities is only growing.

Open source software and the software supply chains built on it are here to stay. This executive roundtable addresses how you can manage the risks they pose while keeping both safe to use.

Attendees will discuss how to protect enterprise networks more proactively, lock down and audit open source software, and secure software supply chains, as well as the likely impact of greater government focus on this domain, including backing for concepts such as the software bill of materials, or SBOM.

Discussion topics will include:

  • From the $10 billion in commercial losses due to NotPetya, to the more recent problems with Log4j, what have we learned from headline incidents concerning supply chain vulnerabilities?
  • Looking across organizations and sectors: where are the biggest gaps in software supply chain security and auditing today, not least in Germany?
  • What other unfolding trends might help in the near term, such as greater government focus on supply chain security and backing for SBOMs?
Ilkka Turunen
Field CTO

Tony Morbin
Executive Editor

September 15, 2022 | 06:00 - 08:30 pm CEST | Berlin, Germany
*Please note that this is an invitation-only event and space is limited. All requests to attend will be reviewed by our event staff and approved based on professional qualifications and event capacity. Additionally, these events will not be recorded and the Chatham House Rule will apply.

Sponsored By

More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline. Sonatype is privately held with investments from TPG, Goldman Sachs, Accel Partners and Hummer Winblad Venture Partners. Learn more at

ISMG Brands

ISMG’s 30 global media properties provide security professionals with industry and geo-specific news, research and educational events.