Session
Secure Your Software Supply Chain: The Three Things Each Developer Should Know
The cost of cybercrime is increasing at a staggering rate, poised to almost equal US GDP by 2027. Cybercrime syndicates are becoming increasingly professional, with elaborate scams to get your data and money. These days, their tool of choice is software supply chain attacks:
- around 61% of US firms were affected by a supply chain attack
- supply chain attacks had 40% more victims than malware in 2022
- a supply chain attack will impact 45% of the global companies
During the current presentation, We will look at what we can do now to ensure we are not part of the above stats.
Initially, we will look at the threat landscape and understand why the traditional moat couldn't protect us from Log4Shell, Spring4Shell, or other similar threats. But also, how the invasion of Ukraine changed the current landscape.
In the second part, we will look at what we can do now to ensure we are not part of the above stats. We will learn what makes a security scanner tremendous and what to look into when building a DevSecOps toolchain.
In the last section, we will zoom in on the software supply chain regulations trends that will ensure the future is brighter, safer, and more transparent.
SBOM - for transparency for both our dependencies and dependents. Not only for software but also for the Gen AI models
Reproducible Builds - for having the mechanisms to double-check the builds we use, providing the certainty that what we want is what we get even if we download binaries
SigStore - the new development in terms of signing builds. Which will ensure more accountability for the code provided.
Everything will be made practical with real-world examples and demonstration of state-of-the-art tooling.
Steve Poole
Director Developer Advocacy, Sonatype
London, United Kingdom
Links
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top