Recent security attacks on the software supply chain, such as the Log4j vulnerability and the SolarWinds attack, have raised the profile of these types of incidents and made it clear that more needs to be done. The increasing use of off-the-shelf and open source software has created a greater attack surface for applications. However, this risk can be managed with due diligence when purchasing and reusing software. An important component of supply chain risk management is software composition analysis (SCA) together with the software bill of materials (SBOM), which provides a way to communicate software composition both internally and externally to your organization.
In this session you will learn:
- How to secure your software supply chain
- What a software bill of materials (SBOM) is and how to leverage it to manage software supply chain risk
- Where the industry is going and what the future holds for managing the software supply chain
Allan Friedman, PhD - Cybersecurity and Infrastructure Security Agency
Caleb Queern - KPMG Cyber Security Services