Sponsored Session: Because Security Matters: Securing Your Open Source Supply Chain
Conference: SupplyChainSecurityCon 2022
2022-06-22
Authors: Don Vosburg, Aaron Conklin
Summary
The presentation discusses the importance of software security in organizations and how to maintain it while reducing the surface area. It emphasizes the need for partnering with companies that specialize in security to handle the burden. The presentation also covers key concepts of security such as confidentiality, integrity, availability, authenticity, non-repudiation, accountability, and anonymity. The speaker highlights the ebb and flow between openness and closeness needed for a functional environment and security. The presentation also discusses security certifications and standards such as Common Criteria, NIAP, DISA's Security Technology Information Guides, Phipps 140.3 Standard, and CIS Benchmarks.
- Partnering with companies that specialize in security can help reduce the burden of maintaining software security while still ensuring overall security
- Key concepts of security include confidentiality, integrity, availability, authenticity, non-repudiation, accountability, and anonymity
- There is an ebb and flow between openness and closeness needed for a functional environment and security
- Security certifications and standards such as Common Criteria, NIAP, DISA's Security Technology Information Guides, Phipps 140.3 Standard, and CIS Benchmarks are important for maintaining software security
Abstract
As network and application security capabilities continue to improve, the software supply chain is becoming a viable threat vector. This session will present an overview of the threat landscape and provide a case study in how SUSE moved to secure its part of the open source codebase. Delve into the implications of the most common software security certifications and how they shaped SUSE’s people, processes, and tools on our journey towards supply chain security for open source.
Materials: