The quest to identify and address risks in someone else's software product is not for the faint-of-heart! It requires close coordination, cooperation and, ultimately, consent from your business partners - both inside and outside of your organization. How do we standardize an approach to managing software supply chain risks that is both reasonable and fair to our suppliers - and business units that rely on them - without compromising on security and exposing our organization to unacceptable risks?

In this session you will learn:

• How to achieve and formalize internal consensus about your organization's risk tolerance for third-party software
• How to tailor diligence approaches appropriate for that level of risk tolerance
• How to avoid the traps of exceptions and risk acceptances