Using CNCF Best Practices for Software Supply Chain to Guide and Enhance Your Security Posture - Ryan Gibbons, 3M & Conor Rogers, Stelligent
Abstract
In this presentation, the 3M team will describe how CNCF best practices were used to inform requirements for secure software development capabilities throughout the 3M software supply chain, and our journey to improve our code security posture. The team will describe how CNCF best practices were used to evangelize an improved security policy and inform Security, Legal, Risk and Delivery Management functions. The 3M team will tell the story of how these best practices were used to enhance policy, process, procedure and build across the Software Development Lifecycle. We will tell our story of securing the software supply chain, with a particular emphasis on open source components, and we will share how our efforts to date have helped the organization respond to and prepare for supply chain attacks and vulnerabilities such as Log4J. Finally, we hope to help the community accelerate its journey to the standards-based SBOM (Software Bill of Materials).