Dates
Conferences
Tags
Sort by:
Most recent
Conference: Global AppSec Dublin 2023
Authors: Vinod Anandan, Meha Bhargava, Niklas Jan Duster
2023-02-15
With the need to deliver software faster to clients, it is typical not to "reinvent the wheel" and instead rely on open source/3rd party components.With increased adoption of open source/3rd party components the complexity and inherited risk of software supplychain is rising. It is crucial to have a complete and accurate inventory of the open source/3rd party component usage and risk associated with it."Our software supply chain security is our responsibility".In order to achieve a complete inventory, Bill Of Material (BOM) is a fundamental building block. OWASP Dependency Track consumes BOM and helps to continuously monitor risk associated with these components.In this talk, we will explain and demonstrate OWASP Dependency Track and how it can be a foundational platform to add to your arsenal of tools to improve software supplychain security.
Tags:
Conference: SupplyChainSecurityCon 2022
Authors: Bill Bensing
2022-06-22
tldr - powered by Generative AI
The presentation discusses the implementation of modern governance and automated governance in software delivery capabilities. It highlights the importance of establishing open visibility within the organization to drive trust and reshape the socio-technical construct. The main thesis is to automate control gates and remove the cognitive load of understanding tools in depth to allow for a standard centralized understandable way for the organization.
- The need for a next generation of software delivery capabilities beyond automation to autonomous and industrial scales
- The concept of software factories to remind us of the importance of delivery
- The importance of establishing open visibility within the organization to drive trust
- The implementation of modern governance and automated governance in software delivery capabilities
- The automation of control gates to remove the cognitive load of understanding tools in depth
- The externalization of policy application from the tools themselves to other centralized systems