logo
allArticlesConferencesPresentations

Sponsored Keynote: Trust and Risk in the Software Supply Chain

Conference:  Cloud Native SecurityCon North America 2023

Authors:   Emmy Eide

Summary

The presentation discusses the importance of building a trusted software supply chain to minimize risk and explores the use of open source projects to achieve this. The speaker emphasizes the need for partnership and collaboration between security and development teams to implement security controls throughout the supply chain.
  • Trust in the software supply chain is necessary to avoid disruptions and security breaches
  • Implementing security controls throughout the supply chain is crucial
  • Partnership and collaboration between security and development teams is necessary to implement security controls effectively
  • Articulating the why, what, how, and when of security controls is important
  • Open source projects can be used to build a trusted software supply chain
The speaker highlights the need for partnership and collaboration between security and development teams to implement security controls effectively. They share their experience at Red Hat, where they were able to successfully implement security controls in the supply chain by involving the team creating the standards and guidelines in implementation timelines and understanding how security implementations impact product planning timelines, integration requirements, maintenance, and upkeep. By making security a part of the development process and collaborating on the what, how, and when of security controls, they were able to apply security controls without inhibiting innovation.

Abstract

Building a trusted software supply chain that minimizes risk starts at the very beginning of the development process and continues through the application life cycle. Administering security tests at the end of the development and production cycle or patching running applications is counterproductive to how cloud-native applications are built and secured. Just as automation is key for cloud native development, it’s also critical for cloud native software supply chain security. In this talk, we will explore balancing trust and risk throughout the entire supply chain using open source projects. We will look at why trusted supply chains are necessary, what it means to reduce risk continuously, and how Red Hat is building trust in its own software supply chain using open source technologies.
Materials:
Tags:

Post a comment

Related work

Untrusted Execution: Attacking the Cloud Native Supply Chain

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Andrew Martin
2022-10-26

Demystifying Zero-Trust for Cloud Native Technologies

Conference:  Cloud Native SecurityCon North America 2023
Authors: Aradhna Chetal, Kishore Nadendla, Mariusz Sabath, Asad Faizi, Philip Griffiths

SLSA FRSCA Recipe For Secure Supply Chain

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Michael Lieberman, Parth Patel
2022-10-26

Software supply chain safety: lessons from the industrial revolution

Conference:  Global AppSec San Francisco 2022
Authors: Tsvi Korren
2022-11-18

A New Way To Roll: Supply Chain Choreography For Enterprise Grade Kubernetes

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Kirti Apte, Steve Watkins
2022-10-27

Kubernetes Supply Chain Security: The Software Factory

Conference:  KubeCon + CloudNativeCon North America 2021
Authors: Andrew Martin
2021-10-13