Sponsored Keynote: Trust and Risk in the Software Supply Chain

Authors: Emmy Eide


Summary

The presentation discusses why a trusted software supply chain minimizes risk and how open source projects can be used to build one. The speaker emphasizes that security controls must be applied throughout the supply chain, and that doing so requires partnership and collaboration between security and development teams.
  • Trust in the software supply chain is necessary to avoid disruptions and security breaches
  • Security controls must be implemented throughout the supply chain, not only at the end of the development cycle
  • Partnership and collaboration between security and development teams is necessary to implement those controls effectively
  • Security teams must articulate the why, what, how, and when of each control
  • Open source projects can be used to build a trusted software supply chain
The speaker shares their experience at Red Hat, where security controls were successfully applied across the supply chain by involving the team that writes the standards and guidelines in the implementation timelines, so that it understood how each control affects product planning timelines, integration requirements, maintenance, and upkeep. By making security a part of the development process and agreeing jointly on the what, how, and when of each control, they were able to apply security controls without inhibiting innovation.

Abstract

Building a trusted software supply chain that minimizes risk starts at the very beginning of the development process and continues through the application life cycle. Administering security tests at the end of the development and production cycle or patching running applications is counterproductive to how cloud-native applications are built and secured. Just as automation is key for cloud native development, it’s also critical for cloud native software supply chain security. In this talk, we will explore balancing trust and risk throughout the entire supply chain using open source projects. We will look at why trusted supply chains are necessary, what it means to reduce risk continuously, and how Red Hat is building trust in its own software supply chain using open source technologies.
