SolarWinds and the more recent 3CX attack put software supply chain security front and center for organizations. While they recognize risk is enterprise-wide, traditional app sec tools are not up to the job. Learn why modern tooling and a mature supply chain security program are now a requirement for managing software risk.
In ReversingLabs’ new Software Supply Chain Security Risk Report, Chris Wilder, Research Director at TAG Cyber and author of the report, will analyze the key findings from a Dimensional Research survey of more than 300 IT pros, which found:
✓ 88% say software supply chain security presents an enterprise-wide risk to their organizations.
✓ 74% say traditional app sec testing tools alone are not enough to protect against software supply chain risk.
✓ 65% say their organizations lack a mature software supply chain security solution.
Matt Rose, Field CISO at ReversingLabs, co-author of the report, will discuss the evolution of application security — and how a mature software supply chain security approach is now a requirement for managing risk.
1. Go beyond the components alone (open source, etc.) and evaluate your complete application package as a whole.
2. Analyze your package at the critical post-compilation/pre-deployment stage.
3. Review the analysis to identify which behaviors the package is designed to do — and compare them with what the program actually does.
✓ The software supply chain pain points for modern development organizations
✓ How gaps in existing application security tooling leave development organizations and security teams exposed to supply chain attacks.
✓ The limitations of narrowly scoped software supply chain initiatives and the need for comprehensive approaches to securing supply chains.
✓ How organizations can operationalize software supply chain security and move beyond “checkbox” compliance, including using Software Bills of Materials (SBOMs) to provide a comprehensive overview of software risk and dependencies.