Top 5 Reasons (and 5 Myths Debunked) to Invest in Securing the Software Supply Chain - Hector Linares, Microsoft

less than 1 minute read


The recent Log4j vulnerability and NOBELIUM attack stress the importance of securing the software supply chain across the lifecycle: design, development, compilation, packaging, deployment, and maintenance. Executive Order 14028 mandates “significant investments” to help protect against malicious cyber threats and emphasizes a renewed focus on “enhancing software supply chain security,” including compliance with the NIST Secure Software Development Framework (SSDF). To meet requirements of SSDF, we present a practitioner’s guide for the journey ahead employing the Supply Chain Integrity Model (SCIM), an open-source model for managing data about the security, quality, and integrity of assets across end-to-end supply chains. We show how to maximize ROI in software supply chain security, enabling a trusted platform for the Software Development Lifecycle (SDLC) that extends to partners and customers.Click here to view captioning/translation in the MeetingPlay platform!

Sched URL