ABSTRACT
As we think about enhancing software supply chain security, what does the landscape of threats and opportunities look like? What are useful ways of framing the problem, and how does the industry view the challenge? Where do responsibilities lie? Who has the power to make positive changes or to act with malice? And most importantly, what are the roles and responsibilities of industry, academia, government, and the open source community at large? In this keynote, industry veteran Trevor Rosen will offer some answers to these questions, born of his time at the center of the SolarWinds/SUNBURST breach and his experience in standing up a new supply chain integrity practice at GitHub. You can expect to hear some war stories and some strong opinions, and to walk away inspired to join hands with colleagues from all over the technical landscape to solve a huge (but tractable!) problem in information security.
Strength, Trust, and Harmony: The Challenges and Opportunities of Software Supply Chain Security