Please join us and select industry practitioners to learn about leading practices for design and execution of a successful software supply chain security programme.
The number of software supply chain security (SSCS) attacks has increased exponentially due to:
- Heavy reliance on open-source code and third-party software components rather than internally built code when building a software product
- Multiple vulnerable points throughout the supply chain lifecycle
- The ability to reach multiple customers by exploiting a vulnerability in a component shared by many software products, which makes software supply chain attacks inherently more lucrative
Regulatory scrutiny of SSCS has been steadily rising, and most organisations and software product suppliers are not yet mature enough to effectively manage software supply chain attacks.
Topics for discussion:
- Industry trends and regulatory landscape (e.g., SBOM requirements, EO 14028, DHS Risk Management Act 2021, FDA, NIS 2 Directive, EU Cyber Resiliency Act etc.)
- SSCS programme governance
- Generating and maintaining SBOM
- Adopting a risk management strategy to assess and manage the SSCS lifecycle, including contracting
- Building an SSCS risk-aware culture
- Upcoming developments such as adopting SBOM, enhancing container security, evolving industry standards, composable software application architecture, integrating supply chain services, etc.