Emerging Best Practices in Software Supply Chain Security: What We Can Learn from Google, the White House, OWASP, and Gartner

Presented at BSidesSF 2022 Rescheduled, June 4, 2022, 3:30 p.m. (25 minutes)

Attackers are taking advantage of insecure software deployment pipelines; the White House, OWASP, Google, and others have released guidelines on best practices in response. We will break down the key takeaways and compile a list of best practices for mitigating software supply chain security risk.

Presenters:

• Tony Loehr - Cycode
  Tony Loehr is the Developer Advocate for Cycode. Their prerogative is to make it easy for developers to use the Cycode platform, and to help protect data through knowledge sharing. They have professional experience with engineering, marketing, and sales and bring a unique perspective on how to implement comprehensive cybersecurity solutions. They value being a lifelong learner and aim to help teach cybersecurity solutions to people with varying degrees of technical knowledge.

Links:

• https://bsidessf2022.sched.com/event/rjpk/emerging-best-practices-in-software-supply-chain-security-what-we-can-learn-from-google-the-white-house-owasp-and-gartner

Similar Presentations:

• May Contain Hackers (MCH2022) / Supply chain security; addressing risk and dependencies issues the right way (with open source!)
• AppSec USA 2016 / Making Invisible Things Visible: Revealing Secrets from 25,000 Applications
• BSidesLV 2019 / Supply Chain Security