RSAC 365 Virtual Seminar: Supply Chain Security (Part 2)


Posted on in Videos

Session 1: Tracking Attackers in Open-source Supply Chain Attacks—the New Frontier

This talk will discuss the threat landscape of open-source software. This session is intended for anyone relying on open-source packages who wants to fully understand their entire software supply chain and the threats that come with it to protect themselves and their customers adequately. I will also discuss how threat intelligence can be used to stop attacks before they can cause any harm.

Presenter: Jossef Harush Kadouri, Head of Supply Chain Security, Checkmarx

 

Session 2: Hacking Any Organization Through the Software Supply Chain

This session will provide the right toolset for each type of defender. Topics discussed will include different frameworks (SLSA, SAMM, BSIMM, SAFECode, SSDF, BSA, CMCC) to conclude who can benefit from what. Some of these are very hands-on while others come from a compliance angle. Attendees of this session will leave having learned what they can do against supply chain attacks. Everyone from a down-in-the-dirt developer to a compliance-oriented CISO will take away ideas for their individual starting point.

Presenter: Felix Leder, Senior Director, Crosspoint Labs

 

Session 3: Control What We Can—Open Source Incidents and How We Respond

In recent years, there has been a sharp rise in supply chain attacks, a type of cyber attack that targets the systems and networks of third-party vendors or suppliers in order to gain access to the systems of a larger target organization. These attacks that were happening once or twice a year are now happening several times a quarter or even a month. These attacks can be difficult to detect and defend against, as the initial point of entry is often a trusted source, making them a significant threat to organizational security. In this session, we will talk about how, as an industry, we need to shift our thinking about supply chain attack incident response away from a pure security problem to a more organization-wide operational event.

Presenter: Jen Trahan, SVP of Product, Application, Cloud Security, Warner Bros. Discovery


Contributors
Tal Folkman

Senior Security Researcher, Checkmarx

Jossef Harush Kadouri

Head of Supply Chain Security, Checkmarx

Felix Leder

Senior Director, Crosspoint Labs

Jen Trahan

SVP of Product, Application, Cloud Security, Warner Bros. Discovery

Shamla Naidoo

Moderator

Head of Cloud Strategy & Innovation, Netskope

