SCA: Your First Step Toward Supply Chain Security

Presented by

WhiteSource Director of Product Rhys Arkins and guest Sandy Carielli, principal analyst, Forrester

About this talk

Over the past year, breaches like SolarWinds and Kaseya have made it impossible to ignore the threat of software supply chain attacks. Whether it’s infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories or targeting existing vulnerabilities in open source components, attackers are exploiting blind spots in supply chain controls to compromise organizations and their customers. Protecting the software supply chain is a complex challenge that includes code signing, identity and access management, policy and software composition analysis (SCA). In this session, WhiteSource Director of Product Rhys Arkins and guest Sandy Carielli, principal analyst, Forrester, discuss why SCA is crucial to achieving supply chain security and why the increased threat of malicious packages has meant a shift from the traditional “scan and report” SCA approach to a “prevent and defend” supply chain security strategy. Forrester’s perspective will be presented, and different types of threats and their effects will be reviewed.
Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open-source automated dependency update project. For more information, visit www.mend.io, the Mend blog, and Mend on LinkedIn and Twitter.