Wednesday, February 13 • 10:30am - 11:00am
Securing Software Supply Chains

In October 2018, the topic of technology supply chain attacks landed on the front page of every newspaper in the world when Bloomberg Businessweek broke the “Supermicro” story. While that pertained to an alleged attack on a hardware supply chain (and questions still remain about its accuracy), the scary truth was, and still is, that it’s much easier for bad actors to infiltrate and hack "software" supply chains. With "hardware," you need to physically access something in order to conduct a hack. With software, attacks can be carried out from anywhere.

Today, software development teams are consuming billions of open source components and containerized applications to improve productivity at a massive scale by leveraging open source software supply chains. The good news: they are accelerating time to market. The bad news: many of the components and containers they are using are fraught with defects, including critical security vulnerabilities. While most commercial enterprises and various government agencies are aware of software supply chain threats, cross-industry and governmental knowledge has not been fully coordinated, and proactive measures have been limited. There is little consensus on roles, responsibilities, authorities, and accountability for software supply chain security.

This session will explore recent high-profile software supply chain attacks (e.g., Equifax, India's AADHAAR, CoPay Bitcoin Wallets), including the ease and scale at which they were executed. Derek will also discuss the improvements required for software supply chain security and what combination of actions is being implemented or considered to protect, fortify, and defend critical operations, consumers, missions, and core infrastructure. He will also share insights on current efforts spanning legislation and regulation, policy, acquisition, and technology aimed at improving software supply chain security.

Derek Weeks

Vice President, Sonatype
Derek E. Weeks is the world's foremost researcher on the topic of securing software supply chains. For the past five years, he has championed the research of the annual State of the Software Supply Chain Report. Derek is a huge advocate of applying proven supply chain management principles...

Wednesday February 13, 2019 10:30am - 11:00am EST
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203