Mitigating Software Supply Chain Risk
Massive exploits such as the recent Log4j/Log4shell vulnerability are a sign that open source software best practices are still evolving. Furthermore, the risk of mismanaging — or worse, ignoring — open source vulnerabilities is only becoming greater.

With the robust use of open source software and software supply chains here to stay, this executive roundtable addresses how you can manage the risks they pose - focusing in on the Oiltanking GmbH cyber-attack.

Attendees will discuss how to proactively protect enterprise networks, audit open source software, and secure software supply chains. The impact of greater government focus on this domain will be addressed, including backing for such concepts as the software bill of materials (SBOM) and whether the German BSI should go beyond red security warnings and enforce the SBOM alongside the German Supply Chain Due Diligence Act.

Discussion topics will include:

  • From the $10 billion in commercial losses due to NotPetya, to the more recent problems with Log4j, what have we learned from headline incidents concerning supply chain vulnerabilities?
  • Looking across different organizations and sectors: where are the biggest gaps in software supply chain security and auditing in organizations today, not least in Germany?
  • What other unfolding trends might help in the near term, such as greater government focus on supply chain security and backing for SBOMs?
Ilkka Turunen
Ilkka Turunen
Field CTO

Sonatype
Tony Morbin
Tony Morbin
Executive Editor

ISMG
Watch a brief video on the topic.
September 15, 2022 | 06:00 - 08:30 pm CEST | The Grand, Berlin
Sponsored By
Sonatype

More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline. Sonatype is privately held with investments from TPG, Goldman Sachs, Accel Partners and Hummer Winblad Venture Partners. Learn more at www.sonatype.com

ISMG Brands

ISMG’s 30 global media properties provide security professionals with industry and geo-specific news, research and educational events.

September 15, 2022 | 06:00 - 08:30 pm CEST

Mitigating Software Supply Chain Risk