With new software supply chain attacks reaching the spotlight at an accelerating pace, security research uncovering novel attack methods, and new mandates and guidelines starting to come into effect, it can be hard to stay on top of the latest developments and their implications.
Catch this session for a breakdown of the recent news related to software supply chain security and what you can do to meet the new requirements and protect your software from such attacks.
Get a technical deep-dive on:
- Recent software supply chain attacks and the attack methods behind them (e.g. name-squatting, where a malicious package is published under a name that mimics a popular one, and placement of malicious libraries in commonly used public repositories)
- Progress in standards and guidelines such as the White House Executive Order on Improving the Nation’s Cybersecurity and what actions they will require of you
- Best practices when incorporating a shift-left security strategy into your SDLC to effectively manage software supply chain risks
- Software bill of materials (SBOM): what you should track and how to manage it as an integrated part of your SDLC
Plus, additional assets to check out:
- Talk Slides
- It’s Time to Get Hip to the SBOM
- A Year of Supply Chain Attacks: How to Protect Your SDLC
- US Executive Order on Cybersecurity: What it Means for DevOps
- JFrog Detects Malicious PyPI Packages Stealing Credit Cards and Injecting Code
- Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling