The Path to a Sustainable Software Supply Chain

Presented by

Shane Coughlan, GM, OpenChain (Linux Foundation)

About this talk

Software supply chain security has dominated the headlines in recent months following a series of events (including the SolarWinds hack and the Biden Administration’s executive order). But maintaining the integrity of your software supply chain is about more than just traditional vulnerability remediation. Our modern threat landscape has elevated the importance of supply chain sustainability, which includes areas like software provenance and lifecycle management in addition to known vulnerability mitigation. Join Shane Coughlan, GM of OpenChain (a Linux Foundation project) for a conversation on the importance of supply chain sustainability and practical steps your organization can take to strengthen supply chain integrity. We’ll discuss: -The evolution of software supply chain threats -The importance of software provenance, such as package origin, maintainers, and quality -Questions to ask vendors to gauge the sustainability of proprietary software -Indicators of sustainable open source software
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (60)
Subscribers (6425)
Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for vulnerability management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows.