AppSec USA 2016 has ended
Thursday, October 13 • 8:00am - 9:00am
Keynote - Software Supply Chain Lifecycle Management: Reducing Attack Vectors and Enabling Rugged DevOps

As the cyber threat landscape evolves and software dependencies grow more complex, understanding and managing risk in the software supply chain is more critical than ever, and it must focus on the entire lifecycle, which includes development, acquisition, and DevOps. The Internet of Things (IoT) is contributing to a massive proliferation of many types of software-reliant, connected devices. With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine 'fitness for use' and trustworthiness in terms of quality, security, safety, and licensing. Application vulnerability correlation and management should leverage automated means for detecting threat indicators, weaknesses, vulnerabilities, and exploits. Using standards-based automation also enables the exchange of information internally and externally with vendors in the global supply chain for IoT/ICT products. Addressing supply chain dependencies throughout the lifecycle enables enterprises to harden their attack surface by comprehensively identifying exploit targets, understanding how assets are attacked, and providing more responsive course-of-action mitigations.

Joe Jarzombek

Joe Jarzombek is the former Director for Software Assurance in the National Cyber Security Division of the U.S. Department of Homeland Security (DHS). He led government inter-agency efforts with industry, academia, and standards organizations to shift the security paradigm away from...

Thursday October 13, 2016 8:00am - 9:00am EDT
Grand Ball Room Renaissance Washington, DC Downtown Hotel 999 9th St NW, Washington, DC 20001