keynote

Strength, Trust, and Harmony: The Challenges and Opportunities of Software Supply Chain Security

Author:
Trevor Rosen

GitHub, San Francisco, CA, USA

GitHub, San Francisco, CA, USA
View Profile

SCORED'22: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem DefensesNovember 2022Pages 1https://doi.org/10.1145/3560835.3563444

Published:08 November 2022Publication History

SCORED'22: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses

Pages 1

ABSTRACT

As we think about enhancing software supply chain security, what does the landscape of threats and opportunities look like? What are useful ways for framing the problem, and how does the industry view the challenge? Where do responsibilities lie? Who has the power to make positive changes or to act with malice? And most importantly, what are the roles and responsibilities of industry, academia, government, and the open source community at large? In this keynote, industry veteran Trevor Rosen will offer some answers to these questions borne from his time at the center of the SolarWinds/SUNBURST breach and his experience in standing up a new supply chain integrity practice at GitHub. You can expect to hear some war stories, some strong opinions, and to walk away inspired to join hands with colleagues from all over the technical landscape to solve a huge (but tractable!) problem in information security.

Index Terms

Strength, Trust, and Harmony: The Challenges and Opportunities of Software Supply Chain Security
1. Security and privacy
  1. Software and application security
    1. Software security engineering
  2. Systems security
    1. Vulnerability management
2. Software and its engineering
  1. Software creation and management

Recommendations

Automatic Security Assessment of GitHub Actions Workflows
SCORED'22: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses

The demand for quick and reliable DevOps operations pushed distributors of repository platforms to implement workflows. Workflows allow automating code management operations directly on the repository hosting the software. However, this feature also ...
Read More
Silver Bullet Talks with Matt Bishop

Gary McGraw interviews Matt Bishop, who has made significant inroads in the commercial side of security, lecturing for the SANS Institute, and focusing much of his writing on security education. He is the author of Computer Security: Art and Science (...
Read More
A Knowledge-driven Framework for Software Supply Chain Security Analysis
CCEAI '24: Proceedings of the 2024 8th International Conference on Control Engineering and Artificial Intelligence

With the rapid development of the software industry, software supply chains have become increasingly complex and diverse. Critical software domains such as operating systems, databases and web servers extensively adopt open source components, which are ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SCORED'22: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses
November 2022
121 pages
ISBN:9781450398855
DOI:10.1145/3560835
Program Chairs:
Santiago Torres-Arias
Purdue University, USA
,
Marcela Melara
Intel Corporation, USA
,
Laurent Simon
Google Inc., USA
Copyright © 2022 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 8 November 2022
Check for updates
Author Tags
software security
software supply chain security
Qualifiers
- keynote
Conference
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 194
  Total Downloads
- Downloads (Last 12 months)83
- Downloads (Last 6 weeks)8
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Strength, Trust, and Harmony: The Challenges and Opportunities of Software Supply Chain Security

SCORED'22: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses

ABSTRACT

Cited By

Index Terms

Recommendations

Automatic Security Assessment of GitHub Actions Workflows

Silver Bullet Talks with Matt Bishop

A Knowledge-driven Framework for Software Supply Chain Security Analysis

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Upcoming Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Strength, Trust, and Harmony: The Challenges and Opportunities of Software Supply Chain Security

SCORED'22: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses

ABSTRACT

Cited By

Index Terms

Recommendations

Automatic Security Assessment of GitHub Actions Workflows

Silver Bullet Talks with Matt Bishop

A Knowledge-driven Framework for Software Supply Chain Security Analysis

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Upcoming Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media