The Abysmal State of Software Security - And What To Do About It
From the SolarWinds breach to ransomware shutdowns of hospitals and automotive giants, software supply chain attacks are causing billions in damages and threatening national security. Meanwhile, the software we depend on is increasingly assembled from third-party and open-source components that organizations often can't even inventory, much less secure.
We'll connect the dots between the rise of software-defined everything, the explosive growth of open-source dependencies, and the mounting wave of supply chain compromises. We'll walk through the sobering data: 57% of breaches trace back to unpatched software, 89% of codebases contain open-source components more than four years out of date, and 98% of organizations use at least one vendor that's been breached in the past two years.
But this isn't all a doom-and-gloom talk: we'll also demystify Software Bills of Materials (SBOMs), covering what they are, why Executive Order 14028 now requires them for government software vendors, and how they serve as a foundation for vulnerability management, license compliance, and zero-trust architecture.
Attendees will learn the three accepted SBOM formats (SPDX, CycloneDX, SWID), explore Software Composition Analysis (SCA) tools, and understand how Vulnerability Exploitability eXchange (VEX) helps separate real risk from noise. The session closes with a call to action around CISA's Secure by Design principles and practical steps every organization can take today.
Agenda:
- Software-Defined Everything
- The Changing Nature of Software Development and Attacks
- Increasing Use of Free and Open-Source Software (FOSS)
- Third-Party and Fourth-Party Risk
- Supply Chain Attacks in the Wild
- Software Bill of Materials (SBOM)
- Secure by Design / Secure by Default
- Key Takeaways and Call to Action
- Q&A
Dave Hatter
Cybersecurity Consultant | Recovering Developer
Cincinnati, Ohio, United States