Event Recap: Securing the Cyber/Software Supply Chain

As a first step in understanding software supply chain security, Brian Hajost, Founder/COO of SteelCloud, clarified that “Supply chain security is cyber security. It’s one in the same.” While this helps as a starting point, a number of other factors also affect the security of supply chains, including “unauthorized code that runs across enterprises”, according to Faisal Razzak of Venafi. He added that, as an agency, “if you are unable to answer the question, ‘Are you allowing unauthorized code to run in your environment?’, risks are unknown and unquantified.” Given this factor and a number of others, what are some ways agencies can better secure their supply chain? From the perspective of Red Hat’s Travis Steele, “there are significant benefits that can be gained” by automation, including “continuous integration, continuous development…and the building, testing, deployment, and speeding up of that delivery.”

During this two-hour conference, a number of experts addressed the following in greater detail:

  • Update on and access to NIST SP 800-204D report: Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines
  • Common hurdles agencies face in securing their supply chain
  • Positive steps that agencies can take immediately
  • What to consider about Artifact Management within the supply chain
  • How automation can be leveraged to streamline and/or accelerate the cyber supply chain
  • Supply chain mandates and how they affect software suppliers
  • How to simplify software supply chain efforts with a software quality framework
  • How the supply chain will involve FedRAMP and what agency responsibilities are
  • Where government staff should get more involved with organizations in supporting the supply chain
  • The implications of unauthorized code in your agency and how to address it

Sponsors: Red Hat, SteelCloud, Venafi
