Top 5 Reasons (and 5 Myths Debunked) to Invest in Securing the Software Supply Chain - Hector Linares, Microsoft

less than 1 minute read

Abstract

The recent Log4j vulnerability and NOBELIUM attack stress the importance of securing the software supply chain across the lifecycle: design, development, compilation, packaging, deployment, and maintenance. Executive Order 14028 mandates “significant investments” to help protect against malicious cyber threats and emphasizes a renewed focus on “enhancing software supply chain security,” including compliance with the NIST Secure Software Development Framework (SSDF). To meet requirements of SSDF, we present a practitioner’s guide for the journey ahead employing the Supply Chain Integrity Model (SCIM), an open-source model for managing data about the security, quality, and integrity of assets across end-to-end supply chains. We show how to maximize ROI in software supply chain security, enabling a trusted platform for the Software Development Lifecycle (SDLC) that extends to partners and customers.Click here to view captioning/translation in the MeetingPlay platform!

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Top 5 Reasons (and 5 Myths Debunked) to Invest in Securing the Software Supply Chain - Hector Linares, Microsoft

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google