Identification: SSD2301
Credits: None available.
Open source software (OSS) is everywhere! Adoption of OSS, knowingly and unknowingly, has increased drastically. From time-saving capabilities to access to React, Angular and other innovations, there is no denying that OSS has opened doors of opportunity for good and bad actors alike. From the obvious risks of knowingly using open source, to the challenges of maintaining a software bill of materials (SBOM), to emerging security challenges, the methods of identifying and enforcing controls must change. Join our esteemed panelists for a lively discussion on the use of OSS in your organization and what you need to be aware of.
Identification: SSD2302
Credits: None available.
With the current threat environment, it is critical for developers to be able to securely and rapidly deploy software updates to their customers. This session will introduce the supporting concepts for securely updating software once it is deployed. We will cover some of the common pitfalls with software updates that lead to less secure update methods, and potential approaches for secure updates, with a focus on automated or semi-automated update mechanisms.
Identification: SSD2303
Credits: None available.
In May 2021 the US White House released an executive order emphasizing SBOMs as a means to boost cybersecurity. Though this seems a novel concept to many, it is actually a very old notion that has been practiced in some software circles for decades. What does SBOM mean in today's digital world, where software is much more sophisticated, distributed, and frequently updated than ever before? This panel of industry experts will unpack SBOM and debate its benefits, risks, costs, formats, components, and implementation. They will provide practical tips and examples of how to generate and maintain SBOMs in your software development and risk assessment practices.
Identification: SSD2304
Credits: None available.
Given the seemingly never-ending scourge of cyberattacks, something has to change. In this talk, a CISA Senior Technical Advisor will dive into CISA's Secure by Design work, which aims to shift the responsibility for cybersecurity onto those most capable of bearing it: the technology manufacturers.
Identification: SSD2305
Credits: None available.
In this presentation, I will discuss some of the challenges of keeping computer programs safe as they travel from software developers to users. We will start by explaining Sigstore and its main tools and components, broken down into simple pieces. We will also discuss how to set up Sigstore in your software delivery process. Finally, we will share some real stories of how Sigstore has already protected software in the real world, so you can see why it is so important.
Identification: SSD2306
Credits: None available.
In our closing session, we will unpack the many facets of the EU Cyber Resilience Act (CRA). The EU CRA seeks to ensure that manufacturers make products with digital elements more secure throughout the product lifecycle, creating a unified cybersecurity framework that makes it easier for hardware and software makers to comply, increases transparency about the security features of products with digital elements, and helps businesses and consumers use products with digital elements securely. The session will answer questions such as who this applies to, what a security manager might need to consider versus a product developer, and what the implementation approach is. This session is designed to answer these questions and to talk about the core components of the EU CRA that you need to know now.