CAE Lecture Series - Software Supply Chain Security

Date & Time: September 20, 2024 from 02:00 PM - 03:00 PM

Location: Virtual

Lecturer: Aditya Sirish, New York University, Software Supply Chain Security

The software supply chain encompasses the systems, infrastructure, and people that produce a software artifact. In recent years, the software supply chain has increasingly become a target for attackers. For example, in 2020 it was discovered that the Orion software produced by SolarWinds and used by numerous US government agencies had been backdoored by attackers who compromised the company’s software build infrastructure. Since then, software supply chain security has received increased attention from academia, industry, and open source communities alike.

This talk will present an overview of the software supply chain and the threats it faces, illustrated by previously observed attacks. Following that, the talk will discuss community efforts at organizations such as the Linux Foundation and OWASP, as well as work being done in academia, to improve visibility into and better secure software development processes. Finally, the talk will present related open source projects including in-toto, The Update Framework (TUF), Sigstore, gittuf, and GUAC.

Meeting Information
Note: this lecture cannot be recorded or posted online, so we encourage you to attend live.

MS Teams Information:
Meeting ID: 285 904 682 213
Passcode: PoPUNJ
Dial in by phone
+1 872-239-6004,,107950166# United States, Chicago
Phone conference ID: 107 950 166#