Top 5 Reasons and 5 Myths Debunked to Invest in Securing the Software Supply Chain
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore the critical importance of securing the software supply chain in this 22-minute conference talk by Hector Linares from Microsoft. Discover the top 5 reasons to invest in supply chain security and debunk 5 common myths surrounding the topic. Learn about the Supply Chain Integrity Model (SCIM) and its role in managing security, quality, and integrity across end-to-end supply chains. Gain insights into maximizing ROI in software supply chain security and creating a trusted platform for the Software Development Lifecycle (SDLC). Understand the implications of recent vulnerabilities like Log4j and the NOBELIUM attack, as well as the requirements of Executive Order 14028 and the NIST Secure Software Development Framework (SSDF).
Syllabus
Intro
Supply Chain - in context
SBOM - peeling the onion
Myth: SBOM - Create one and you are done
SCITT Overview
SCITT Architecture
Myth: I can use willpower alone to push through the difficult days
Taught by
CNCF [Cloud Native Computing Foundation]