Mitigating Software Supply Chain Risk
Massive exploits such as the recent Log4j/Log4Shell vulnerability are a sign that open source software best practices are still evolving. Furthermore, the risk of mismanaging — or worse, ignoring — open source vulnerabilities is only becoming greater.
With open source software and extended software supply chains now a permanent feature of enterprise IT, this executive roundtable addresses how you can manage the risks they pose, with a particular focus on the Oiltanking GmbH cyber-attack.
Attendees will discuss how to proactively protect enterprise networks, audit open source software, and secure software supply chains. The impact of greater government focus on this domain will be addressed, including backing for such concepts as the software bill of materials (SBOM) and whether the German BSI should go beyond red security warnings and enforce the SBOM alongside the German Supply Chain Due Diligence Act.
Discussion topics will include:
- From the $10 billion in commercial losses due to NotPetya, to the more recent problems with Log4j, what have we learned from headline incidents concerning supply chain vulnerabilities?
- Looking across different organizations and sectors: where are the biggest gaps in software supply chain security and auditing in organizations today, not least in Germany?
- What other unfolding trends might help in the near term, such as greater government focus on supply chain security and backing for SBOMs?