logo
allArticlesConferencesPresentations

Maslow's Hierarchy of Supply Chain Needs

Conference:  SupplyChainSecurityCon 2022

2022-06-21

Authors:   Josh Bressers

Summary

The presentation discusses the importance of understanding the order of steps in supply chain management and the need to prioritize solutions based on the problem at hand.
  • Understanding the order of steps in supply chain management is crucial to effectively addressing problems
  • Prioritizing solutions based on the problem at hand is more effective than blindly implementing solutions
  • The speaker shares an anecdote about the challenges of vulnerability scanning and the importance of building a vulnerability management system
  • The speaker emphasizes the importance of having an S-bomb as the foundation of supply chain management
The speaker shares a story about their experience with vulnerability scanning and the challenges of managing a large number of false positives. They emphasize the importance of having a vulnerability management system and an S-bomb as the foundation of supply chain management.

Abstract

Lately everyone is talking about software supply chain security. There are many different angles and messages along with an abundance of concepts and acronyms to absorb: SBOM, SLSA, SSDF, vulnerability management, Sigstore, and reproducibility to name a few. It’s hard to know which tasks are most important when starting on a supply chain security journey. What if we discussed supply chain security in the context of Maslow’s Hierarchy of Needs? Just like Maslow’s Hierarchy of Needs teaches us, there are certain needs that must be met first. The needs at the bottom are less complex than the needs at the top. The software supply chain is no different. When we work to incorporate supply chain security into our organizations and projects the approach needs to be incremental change, there is no way we can do everything at once. Every organization is different and trying to decide what to do first can be a paralyzing decision. This session will present a new way to think about supply chain security that turns what appears to be an insurmountable challenge into clear steps. Attendees will learn how to simplify and prioritize supply chain security. Armed with that knowledge, attendees can create an action plan to make complex decisions around supply chain management.
Materials:
Slides
Tags:
software supply chain security
SBOM
SLSA
SSDF
vulnerability management

Post a comment

Related work

REBOOTING CRITICAL INFRASTRUCTURE PROTECTION

Conference:  Defcon 29
Authors:
2021-08-01

These are the Vulns You are Looking For: AppSec Champions & Jedi Mind Tricks

Conference:  OWASP 20th Anniversary Event
Authors: John Dickson
2021-09-24

The Various Shades of Supply Chain: SBOM, N-Days and Zero Trust

Conference:  Black Hat Asia 2023
Authors: Alex Matrosov, Richard Hughes, Kai Michaelis
2023-05-12

Lessons Learned from Automating SLSA-Compliance Evaluation - Daniel Nebenzahl, Scribe

Conference:  SupplyChainSecurityCon 2022
Authors: Daniel Nebenzahl
2022-06-21

Protecting Ourselves from CNCFgate. Software Supply Chain Security at CNCF - Practices, and Tools - Andres Vega & Emily Fox, CNCF SIG

Conference:  KubeCon + CloudNativeCon Europe 2021
Authors: Emily Fox, Andres Vega, Jonathan Meadows

Secure Supply Chain through Automation - with CSAF, VEX and SBOM

Conference:  RSA Conference 2022
Authors:
2022-06-06