Anant Shrivastava
Administrator (Ops) | Developer | Security Professional
Researcher | Trainer | Practitioner
- 15+ years of corporate experience
- 17+ years of training experience
Supply Chain security is a new buzzword for past 2-3 years, the dust is slowly settling and we are now in the phase we people need to evaluate what is going right and what is going wrong.
Large number of organizations, introduced SCA tooling and SBoM creation tooling and called it the day. Has that helped? What has been going on in the world of supply chain security.
In this talk we will explore the Supply chain security not just from a code base dependency prospective but rather wholistic approach to establishing the right controls in the system for a seamless software delivery.
Software supply chain security concerns not just the product organizations creating software of external or internal usage but also for organizations that may be just using the final product as an end user.
From your development environment to production, from downloading binaries from internet to running them on network machines we will explore the 360 degree view of supply chain security, the relevant case studies around the exploitation and what is it that industry or Govt bodies have done towards protecting people or organizations against such attacks.
Audience will leave with a holistic view of how the full supply chain of the software development looks like and thoughts on what are the possible gaps in security they might have in their organizations.
