The SolarWinds hack was a very public example of what can happen with a compromised or insecure supply chain. Unfortunately, SolarWinds is not unique. Consider the number of Java and OpenSSL vulnerabilities disclosed during the past decade. SolarWinds does drive home the importance of monitoring your environment and, more particularly, its software supply chain. Of course, this raises the question: how can we monitor our supply chain? This session will provide a soup-to-nuts example of the elements you need to build your supply chain analysis tool. It will also identify where you might get some of those elements (for free) and explain key decisions you will need to make along the way.
Understand the components required to develop and implement a strategy to track application components in their environment or products.
Evaluate and communicate application component risks to an internal environment.
Conduct environmental component audits and respond to risks faster.