Open Source Software: The Good, The Bad, The Ugly iconOpen Source Software: The Good, The Bad, The Ugly

Open Source Software: The Good, The Bad, The Ugly

Nov 8, 2023 10:00am ‐ Nov 8, 2023 10:45am

Identification: SSD2301

Credits: None available.

Open source software (OSS) is everywhere! Adoption of OSS, knowingly and un-knowingly has drastically increased. From time saving capabilities, to having access to React and Angular and other innovations, there is no denying that OSS has opened up doors of opportunity for good and bad actors alike. From the obvious risks of knowingly using open source, to the challenges of maintaining a software bill of materials (SBOM), to emerging security challenges, methods of identifying and enforcing controls must change. Join our esteemed panelists for a lively discussion on use of OSS in your organization, and what you need to be aware of.

Speaker(s):

Secure Software Updates - An Introduction iconSecure Software Updates - An Introduction

Secure Software Updates - An Introduction

Nov 8, 2023 10:55am ‐ Nov 8, 2023 11:55am

Identification: SSD2302

Credits: None available.

With the current threat environment, it is critical for developers to be able to securely, and rapidly, deploy software updates to their customers. This session will introduce the supporting concepts for securely updating software once deployed. We will cover some of the common pitfalls with software updates that lead to less secure update methods and potential approaches for secure updates with focus will be on automated or semi-automated update mechanisms.

Speaker(s):

Deep Dive into SBOM iconDeep Dive into SBOM

Deep Dive into SBOM

Nov 8, 2023 12:05pm ‐ Nov 8, 2023 1:05pm

Identification: SSD2303

Credits: None available.

In May 2021 the US White House released an executive order emphasizing SBOMs as a means to boost cybersecurity. Though this seems a novel concept for many, it’s actually a very old notion that’d been practiced in some software circles for decades. What does SBOM mean in today’s digital world where software is much more sophisticated, distributed, and frequently updated than ever before? This panel of industry experts will unpack SBOM and debate its benefits, risks, costs, formats, components, and implementation. They’ll provide practical tips and examples of how to generate & maintain SBOMs in your software development and risk assessment practices.

Speaker(s):

Secure by Design: CISA's Plan to Foster Tech Ecosystem Security iconSecure by Design: CISA's Plan to Foster Tech Ecosystem Security

Secure by Design: CISA's Plan to Foster Tech Ecosystem Security

Nov 9, 2023 10:00am ‐ Nov 9, 2023 11:00am

Identification: SSD2304

Credits: None available.

Given the seemingly never-ending scourge of cyberattacks, something has to change. In this talk, CISA Senior Technical Advisor will dive into CISA’s Secure by Design work, aiming to shift the responsibility of cybersecurity onto those most capable – the technology manufacturers.

Speaker(s):

SigStore to Secure the Code Supply Chain iconSigStore to Secure the Code Supply Chain

SigStore to Secure the Code Supply Chain

Nov 9, 2023 11:10am ‐ Nov 9, 2023 12:10pm

Identification: SSD2305

Credits: None available.

In this presentation, I'll discuss some of the challenges of keeping computer programs safe as they go from software developers to users. We'll start by explaining Sigstore and its main tools and parts, which we'll break down into simple pieces. We'll also discuss how to set up Sigstore in your software process. Finally, we'll share some real stories of how Sigstore has already protected software in the real world, so you can see why it's so important.

Speaker(s):

What You Need to Know About the EU Cyber Resilience Act iconWhat You Need to Know About the EU Cyber Resilience Act

What You Need to Know About the EU Cyber Resilience Act

Nov 9, 2023 12:20pm ‐ Nov 9, 2023 1:05pm

Identification: SSD2306

Credits: None available.

In our closing session, we will unpack the many facets of the EU Cyber Resilience Act (CRA). The EU CRA seeks to ensure that manufacturers making products with digital elements are more secure throughout the product lifecycle, creating a unified cybersecurity framework to make it easier for hardware and software makers to comply, increase transparency about security features of products with digital elements, and help businesses and consumers use products with digital elements securely. The session will answer questions– such as who this applies to, what a security manager might need to consider vs a product developer, what is the implementation approach? This session is designed to answer these questions and talk about the core components of the EU CRA that you need to know now.

Speaker(s):