Learning from Supply Chain Failures and Best Practices in Other Industries

Authors: Demian Ginther

Summary

The presentation discusses the importance of automation, verification, and validation in cybersecurity and DevOps, with a focus on supply chain management.
  • Automate easy tasks like version bumps and dependency analysis
  • Use TDD to reduce manual testing
  • Implement automated scans and admission controllers
  • Develop a zero trust architecture with strong authentication and least access policies
  • Practice and verify backup plans
  • Use automation to ensure proper supply chain management

The presentation cites a study on a hospital's blood transfusion system in Spain, where a manual process led to a 48% error rate. Automation and electronic scanning led to a 99% traceability rate and reduced errors.

Abstract

Supply chains are critical in many industries, but have only been recognized as vitally important in the software industry in the past couple of years. What can we learn from established supply chain best practices, and from the biggest failures in various industry supply chains? How can we apply those lessons to securing our own critical infrastructure? In this talk we will discuss the evolution of supply chain processes in the physical world. We’ll explore which parts of physical supply chains apply to our work, how they have been implemented in those domains, what sorts of failures can and have occurred, and how we can apply the lessons learned in our own software supply chain pipelines.
