Supply chain security; addressing risk and dependencies issues the right way (with open source!)

Presented at May Contain Hackers (MCH2022), July 23, 2022, 8 p.m. (50 minutes)

Looking at truly addressing supply chain security, and not just the supply chain vulnerabilities side of things. I will share what approach and tools you can use to address this, and what better place to start than the open source OWASP tools.

How do security risks and vulnerabilities differ? What challenges are organisations facing? Showcasing the Log4Shell issue and explaining why it is important to address such issues.

Going over (and running a demo of) how OWASP Dependency-Track can be utilized (https://owasp.org/www-project-dependency-track/ , https://dependencytrack.org ), using an SBOM (Software Bill of Materials, https://owasp.org/www-community/Component_Analysis#software-bill-of-materials-sbom) to provide capabilities that traditional Software Composition Analysis (SCA) solutions don't achieve.

I will share insights from back when we started with supply chain security and where we are now, and why we are still facing supply chain issues such as the SolarWinds attack.
