Supply Chain Security

Whether teams assemble software from third-party components or write their own, organizations are trying to address the resulting risk with the appropriate initiatives, frameworks, and tools, and establishing trust with partners and vendors is critical to managing that risk. This seminar will identify the top supply chain security concerns, share best practices for establishing trust, and provide focused, action-oriented insight for supply chain security.

The first and last sessions will be followed by a 20-25 minute Q&A.

June 8, 2023 | 12:00 AM ET in Virtual Seminars
Session 1: Panel: Establishing Trust to Enhance Supply Chain Security

Most technology teams no longer write their own software: they assemble solutions, rely increasingly on the internet for transport rather than building private networks, and depend more and more on third parties for specialized capabilities. Decision makers must confront the risks introduced by these practices without having full authority over the people involved, and their decisions, controls and contracts can affect business relationships with supply chain partners. This panel will discuss best practices for establishing trust across supply chains and provide focused, action-oriented insight for shifting from an "inspect the technology" mindset toward "establishing trust in the relationship".

Moderator: Shamla Naidoo

Panelists: Joanna Burkey, Kris Lovejoy, Rinki Sethi


Session 2: Tracking Attackers in Open-source Supply Chain Attacks—the New Frontier

This talk will discuss the threat landscape of open-source software. It is intended for anyone relying on open-source packages who wants to fully understand their entire software supply chain and the threats that come with it, in order to protect themselves and their customers adequately. I will also discuss how threat intelligence can be used to stop attacks before they can cause any harm.

Presenters: Tal Folkman, Jossef Harush Kadouri


Session 3: Hacking Any Organization Through the Software Supply Chain

This session will provide the right toolset for each type of defender. Topics will include the different frameworks (SLSA, SAMM, BSIMM, SAFECode, SSDF, BSA, CMMC) and who can benefit from which: some are very hands-on, while others come from a compliance angle. Attendees will leave having learned what they can do against supply chain attacks; everyone from a down-in-the-dirt developer to a compliance-oriented CISO will take away ideas suited to their individual starting point.

Presenter: Felix Leder


Session 4: Control What We Can—Open Source Incidents and How We Respond

In recent years there has been a sharp rise in supply chain attacks, a type of cyber attack that targets the systems and networks of third-party vendors or suppliers in order to gain access to the systems of a larger target organization. Attacks that once happened once or twice a year now happen several times a quarter, or even a month. They can be difficult to detect and defend against, because the initial point of entry is often a trusted source, which makes them a significant threat to organizational security. In this session we will talk about how, as an industry, we need to shift our thinking about supply chain attack incident response away from a pure security problem toward an organization-wide operational event.

Presenter: Jen Trahan



Panel Speakers

Shamla Naidoo, Head of Cloud Strategy & Innovation, Netskope

Joanna Burkey, CISO, HP

Kris Lovejoy, Global Practice Leader for Security and Resiliency, Kyndryl

Rinki Sethi, Vice-President and Chief Information Security Officer, BILL


Session Speakers

Tal Folkman, Senior Security Researcher, Checkmarx

Jossef Harush Kadouri, Head of Supply Chain Security, Checkmarx

Felix Leder, Senior Director, Crosspoint Labs

Jen Trahan, SVP of Product, Application, Cloud Security, Warner Bros. Discovery