Overview
Explore a keynote address from AppSecUSA 2016 focusing on Software Supply Chain Lifecycle Management and its role in reducing attack vectors and enabling Rugged DevOps. Delve into the evolving cyber threat landscape and the growing complexity of software dependencies, emphasizing the critical importance of managing risk throughout the entire software lifecycle. Examine the impact of the Internet of Things (IoT) on software security, discussing the need for software composition analysis and testing to ensure trustworthiness in quality, security, safety, and licensing. Learn about the importance of application vulnerability correlation and management, leveraging automated means for detecting threat indicators, weaknesses, vulnerabilities, and exploits. Discover how standards-based automation facilitates information exchange within the global supply chain for IoT/ICT products. Gain insights from Joe Jarzombek, former Director for Software & Supply Chain Assurance for DHS NCSD, on hardening enterprise attack surfaces through comprehensive identification of exploit targets, understanding attack methodologies, and implementing responsive course-of-action mitigations.
Syllabus
AppSecUSA 2016 - Keynote - Joe Jarzombek - Software Supply Chain Lifecycle Management
Taught by
OWASP Foundation